rapid-helmet-86074
07/19/2022, 7:34 PM--protect-kernel-defaults must be true when using --profile=cis-1.6
, which I thought got set automatically when profile was set to cis-1.6.
So my question is did I mess something up with a conflict like the default pod security policy? Is CIS-1.6 not supported? Something else? Should I file a bug?creamy-pencil-82913
07/19/2022, 7:45 PMrapid-helmet-86074
07/19/2022, 7:47 PMcreamy-pencil-82913
07/19/2022, 7:51 PMrapid-helmet-86074
07/19/2022, 7:51 PMcreamy-pencil-82913
07/19/2022, 7:52 PMrapid-helmet-86074
07/20/2022, 4:51 PM/etc/rancher/rke2/config.yaml.d/50-rancher.yaml
and rebooting but it got reset back to false on reboot. I didn't see anything in the rancher-system-agent that jumped out as where it was getting its config, and I tried moving it to another location and rebooting but still pulling the old values. Do I need to uninstall rke2 and re-create the cluster?creamy-pencil-82913
07/20/2022, 5:21 PMrapid-helmet-86074
07/20/2022, 5:29 PM/etc/rancher/rke2/config.yaml.d/51-fix-missed-config.yaml
that just changes protect-kernel-defaults
to true it'll overwrite the false inside the 50 entry, or do I put it before because it'll ignore later after it's set?creamy-pencil-82913
07/20/2022, 5:49 PMrapid-helmet-86074
07/20/2022, 5:49 PMcreamy-pencil-82913
07/20/2022, 9:03 PM