From 1969ac00ccde2e13aa3e23d38e7d1ea2ca32a12f Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Fri, 24 Jun 2022 13:34:20 +0200
Subject: [PATCH] we need to move cloud controller manager into kube-system,
else the cis-profile wont allow it to host mount
---
roles/rke2/templates/config.yaml.j2 | 4 ++++
roles/rke2/templates/kernel_params.conf.j2 | 3 ++-
roles/rke2/templates/manifests/deploy-openstack-ccm.j2 | 4 ++--
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/roles/rke2/templates/config.yaml.j2 b/roles/rke2/templates/config.yaml.j2
index 1be1547..7a63969 100644
--- a/roles/rke2/templates/config.yaml.j2
+++ b/roles/rke2/templates/config.yaml.j2
@@ -73,6 +73,10 @@ tls-san:
resolv-conf: "{{ resolv_conf_node }}"
{% endif %}
+
+{% if secrets_encryption is defined %}
+secrets-encryption: "{{ secrets_encryption }}"
+{% endif %}
{# Do not use it:
{% if node_external_ip is defined %}
diff --git a/roles/rke2/templates/kernel_params.conf.j2 b/roles/rke2/templates/kernel_params.conf.j2
index 5925d29..884a35f 100644
--- a/roles/rke2/templates/kernel_params.conf.j2
+++ b/roles/rke2/templates/kernel_params.conf.j2
@@ -1,3 +1,4 @@
vm.overcommit_memory=1
kernel.panic=10
-kernel.panic_on_oops=1
\ No newline at end of file
+kernel.panic_on_oops=1
+protect-kernel-defaults=true
\ No newline at end of file
diff --git a/roles/rke2/templates/manifests/deploy-openstack-ccm.j2 b/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
index 432f3b3..9b8cecb 100644
--- a/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
+++ b/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
@@ -3,7 +3,7 @@
kind: Namespace
apiVersion: v1
metadata:
- name: openstack-system
+ name: kube-system
---
@@ -18,7 +18,7 @@ spec:
chart: openstack-cloud-controller-manager
version: {{ item.value.version | default("1.3.0") }}
bootstrap: True
- targetNamespace: openstack-system
+ targetNamespace: kube-system
valuesContent: |-
cloudConfig:
global:
--
GitLab