Open atanasdinov opened 3 weeks ago
https://docs.rke2.io/security/pod_security_standards#pod-security-standards
It looks like adding our own pss with metallb-system and ECO in the exempted list works and the second node joins once the speaker pod starts. I might take a moment later and role that into a EIB config to have a documented work around
We're currently deploying the plain MetalLB / ECO charts when a virtual IP address is specified. This is not working for CIS enabled clusters since those would then require additional values to be set:
Ensure that these charts can be properly deployed on such clusters (using
profile: "cis"
in the Kubernetes config file) and perhaps consider always using these defaults even for non-CIS ones.