callum-stakater

the usage of User Assigned Managed Identity as described in https://github.com/upbound/provider-azure/blob/main/AUTHENTICATION.md is fundamentally broken as it depends on extending Kubelets permissions way beyond the scope of what it should have...

actually looking a bit closer at the error it is also flagged for the `.spec.securityContext.fsGroup: 2000` but same concept described above applies here

Not a problem, is the constant battle in the world of OpenShift administration :) The number 2000 isn't important here, the issue is as OpenShift does "Secure by default" it...

Ah nice, wasn’t aware of the annotation method, that does help On Tue 13. 12. 2022 at 8:25, Daniel K ***@***.***> wrote: > We are also running the operator on...

Yeah sorry it’s using a leader chart, the Chart.yaml pulls in another generic shared chart via the `dependencies:` block there, which is also public hosted chart so no auth in...

i see `helm install` has the flag: ``` --dependency-update update dependencies if they are missing before installing the chart ``` is OCM basically doing a `helm install` under the hood?

OK I found a way around it using jsonpatch instead which is maybe arguably a bit nicer anyway ``` apiVersion: machine.openshift.io/v1beta1 kind: MachineSet metadata: name: test-1 namespace: openshift-machine-api annotations: "redhat-cop.redhat.io/patch-type":...

either we should default this to ingress instead of route: https://github.com/stakater/Forecastle/blob/master/.github/workflows/push.yaml#L148 (cause ingress will also work on OCP where as route wont work on vanilla k8s) or add another job...