best-microphone-20624
01/27/2023, 12:15 PMcreamy-pencil-82913
01/27/2023, 5:20 PMbest-microphone-20624
01/28/2023, 5:45 AMcalico-system
and calico-apiserver
namespaces. Did I get that wrong for RKE2?calico-node
Daemonset deployed to the calico-system
namespace runs with securityContext.privileged: true
.` This seems problematic for the Restricted profile. As a result, shouldn't this namespace be included in the namespace exemptions list?calico-apiserver
to the exemption list as well just in case. Thoughts? https://github.com/rancher/rke2-charts/blob/dbade3fffd47efcf5ad28f11f8cc3216e50632[…]/packages/rke2-calico/generated-changes/patch/values.yaml.patch,creamy-pencil-82913
02/01/2023, 8:50 PMbrandond@dev01:~$ kubectl get namespace calico-system -o yaml
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2023-02-01T20:49:06Z"
labels:
<http://kubernetes.io/metadata.name|kubernetes.io/metadata.name>: calico-system
name: calico-system
<http://pod-security.kubernetes.io/enforce|pod-security.kubernetes.io/enforce>: privileged
<http://pod-security.kubernetes.io/enforce-version|pod-security.kubernetes.io/enforce-version>: latest
name: calico-system
ownerReferences:
- apiVersion: <http://operator.tigera.io/v1|operator.tigera.io/v1>
blockOwnerDeletion: true
controller: true
kind: Installation
name: default
uid: 37ca9fde-175a-4d75-83f4-1cb9bb0af38e
resourceVersion: "835"
uid: 1a56a63b-d54e-436c-a5d1-d52cf8b155c3
spec:
finalizers:
- kubernetes
status:
phase: Active
best-microphone-20624
02/01/2023, 8:59 PMcreamy-pencil-82913
02/01/2023, 9:03 PM