Dan

Just cert-manager and cnpg for those (and an istio-sidecar-injector despite having removed istio a while ago) weirdly cilium did run fine after adding the annotations back? Haven't tried with a...

Yeah but that webhook only applies to cnpg postgress backup objects according to it's rules. Either way the created cilium pods end up with the apparmor context defined as expected...

last I ran across this setting the namespace to restricted prevent the init pods from starting entirely

It does work, technically. It is good for getting a cluster view of the traffic flow at the bottom. I use the tool exclusively for troubleshooting network policies currently. Due...

My current solution: In an init container just take the config which is stored as a configmap, and copy it into an emptyDir container ``` command: - '/bin/sh' - '-c'...

Wouldn't the gasket drivers work for that?

https://github.com/siderolabs/extensions/tree/main?tab=readme-ov-file#drivers > [gasket](https://github.com/siderolabs/extensions/blob/main/drivers/gasket) [ghcr.io/siderolabs/gasket-driver](https://github.com/siderolabs/extensions/pkgs/container/gasket-driver) Driver for Google Coral PCIe devices gasket driver upstream short commit-talos version Those might be what you need, or could be a good starting point if...

My hope for secrets would be that if I create a client CR that isn't public, then a secret would be created that contains the generated client secret. That way...

Just throwing out that the docs were still somewhat missing on this. For a worker/storage node I had to dig up the kubelet args and set ``` machine: kubelet: extraArgs:...

Related: https://github.com/nextcloud/docker/issues/340 Yes this is terrible design and I have not seen a single container do this in 10 years of using docker/containers. It isn't uncommon for static files to...