Wrong AdmissionConfiguration path in admission-controls.yaml.j2 #11733

Open
sasskinn12 opened this issue Nov 21, 2024 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

What happened?

After enabling hardening policies using hardening.yaml, the path for the real file is:
path: {{ kube_config_dir }}/admission-controls/{{ plugin | lower }}.yaml
not
path: {{ kube_config_dir }}/{{ plugin | lower }}.yaml as it is in the template.

I suggest just updating the path in the template?

Command I ran to enable additional security policies:
ansible-playbook -v cluster.yml -i inventory/test/hosts.yaml --become --become-user=root -e "@inventory/test/group_vars/k8s_cluster/hardening.yaml" -e "@inventory/test/vars.yaml"

What did you expect to happen?

Path in /etc/kubernetes/admission-controls/admission-controls.yaml is correct and points to the real policy, e.g. to
/etc/kubernetes/admission-controls/podsecurity.yaml in my case.

How can we reproduce it (as minimally and precisely as possible)?

ansible-playbook -v cluster.yml -i inventory/test/hosts.yaml --become --become-user=root -e "@inventory/test/group_vars/k8s_cluster/hardening.yaml" -e "@inventory/test/vars.yaml"

OS

Linux 6.8.0-48-generic x86_64
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

Version of Ansible

ansible [core 2.16.13]

Version of Python

ansible [core 2.16.13]

Version of Kubespray (commit)

f9ebd45

Network plugin used

calico

Full inventory with variables

Command used to invoke ansible

ansible-playbook -v cluster.yml -i inventory/test/hosts.yaml --become --become-user=root -e "@inventory/test/group_vars/k8s_cluster/hardening.yaml" -e "@inventory/test/vars.yaml"

Output of ansible run

Anything else we need to know

No response
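
A check for the mismatch reported above, as an added example that is not part of the issue or of Kubespray's code: it reads every plugin `path:` from an AdmissionConfiguration file and reports the ones that do not exist on disk. The function names and `make_sample` are hypothetical, and the sample tree it builds is constructed to mirror the two path forms quoted in the report.

```shell
#!/bin/sh
# Added example: verify that each plugin config referenced by an
# AdmissionConfiguration file is really present on the node.

# Print every "path:" value in the AdmissionConfiguration file $1.
admission_paths() {
  sed -n 's/^[[:space:]-]*path:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
    tr -d "\"'"
}

# Print referenced paths that are not regular files; return 1 if any are missing.
check_admission_paths() {
  missing=$(admission_paths "$1" | while IFS= read -r p; do
    [ -f "$p" ] || printf '%s\n' "$p"
  done)
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Constructed sample: builds a stand-in for kube_config_dir under $1.
# $2 = "template" writes the path form the report says the template renders;
# anything else writes the location where the policy file really lives.
make_sample() {
  root=$1
  mkdir -p "$root/admission-controls"
  : > "$root/admission-controls/podsecurity.yaml"
  case $2 in
    template) ref="$root/podsecurity.yaml" ;;
    *)        ref="$root/admission-controls/podsecurity.yaml" ;;
  esac
  cat > "$root/admission-controls/admission-controls.yaml" <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
  path: $ref
EOF
}

# Stand-alone use: pass the file to check as the first argument, e.g.
#   sh check.sh /etc/kubernetes/admission-controls/admission-controls.yaml
[ "$#" -eq 0 ] || check_admission_paths "$1"
```

Run against the node's rendered file after the playbook completes; a non-zero exit status with a printed path means the configuration references a policy file that is not there.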
