Replies: 1 comment 2 replies
-
|
To make things repeatable properly, the easiest way is to make Longhorn installation procedure (e.g. Helm) to set the proper label itself. (It might be there, just needs to be configured). If you would like to change default Kubernetes API server admission control, you need to make a config patch for it. Something like this should work: cluster:
apiServer:
admissionControl:
- name: PodSecurity # Name is the name of the admission controller.
configuration:
exemptions:
namespaces:
- longhorn-systemThe reason you're getting |
Beta Was this translation helpful? Give feedback.
-
|
those config patch, are they cumulative or they override ? for example by default I believe kube-system is there by default, would this config patch remove it or it'll just add longhorn-system to the current exemptions ? and I am indeed using Omni thanks ! |
Beta Was this translation helpful? Give feedback.
-
|
Please see documentation for more details, but tl;dr is that list values are merged. |
Beta Was this translation helpful? Give feedback.
-
So I'm still learning here. I'm trying to install longhorn. I've managed to give the proper permission using one time command so the install could proceed (
kubectl label ns longhorn-system pod-security.kubernetes.io/enforce=privileged). However if I want things to be repeatable properly, I'm not sure how to go about updating this. I created a yaml file using the output oftalosctl get admissioncontrolconfigs.kubernetes.talos.dev admission-control --nodes 192.168.60.170 -o yaml. yet if I try to apply it:talosctl apply-config -f ./helm/permission.longhorn.yaml -m try error applying new configuration: 3 errors occurred: * 192.168.60.168: rpc error: code = PermissionDenied desc = not authorized * 192.168.60.170: rpc error: code = PermissionDenied desc = not authorized * 192.168.60.169: rpc error: code = PermissionDenied desc = not authorizedany guidance would be very appreciated.
thanks
Beta Was this translation helpful? Give feedback.
All reactions