This repository has been archived by the owner on Aug 28, 2024. It is now read-only.
Add kyverno exceptions for kube-system pods #653
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
RKE2 pods in the kube-system namespace violate many Kyverno policies (allowed registry, host path mounts, host network etc).
After kyverno is deployed in the cluster, adding or upgrading nodes fails.
As a temporary workaround, we are adding
kube-systemto the list of exempt namespaces, but longer term we should add more targeted policy exceptions.The text was updated successfully, but these errors were encountered: