Simon Dickhoven
Simon Dickhoven
>Would syncing the secret object to OPA work instead? at the moment you can only sync secrets more or less indiscriminately. if you're worried about malicious constraint template authors then...
i am seeing the same problem. my setup is very similar to @psharik1's setup: cluster-autoscaler v1.23.1 ```yaml ... - command: - ./cluster-autoscaler - --cloud-provider=aws - --namespace=kube-system - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/build1-east1-us-prod - --balance-similar-node-groups=true...
we use [ingress-nginx](https://github.com/kubernetes/ingress-nginx) which uses this image as default backend: https://github.com/kubernetes/ingress-nginx/blob/controller-v1.5.1/charts/ingress-nginx/values.yaml#L779-L780 we have just spun up a new kubernetes node pool with arm instances (which are cheaper, have better performance,...
hi @inteon 👋 ah, yes. i recently ran into the same issue and it has to do with how i am using this helm chart. 🤦 specifically i'm using helm...
so, yeah... turns out that this is a known issue and is caused by the "AZRebalance" feature of the ec2 autoscaling group that is created by eks managed nodegroups. this...
proxy protocol would also be needed for pointing cloudflared at an ingress controller that expects a proxy protocol header. we have the following setup in aws: ``` nlb(proxy_protocol_v2.enabled=true,preserve_client_ip.enabled=false) -> ingress-nginx(use-proxy-protocol:...
> You can already use `triggers` in `null_resource` as a place to retain data you need at destroy time Unfortunately, those triggers also cause a new resource to be created...
there's also the use case of: ``` provisioner "local-exec" { when = destroy command = format("%s/scripts/tag.sh", path.module) ... ``` if i want to use a `local-exec` provisioner for a `null_resource`...
we are managing 700+ domains (plus records) with terraform in cloudflare. our resource naming is perfect for prefix wildcarding (if that's easier to implement than full-on globbing): ``` terraform apply...
i just discovered that this issue is present in the latest 4.x release as well... which we have been _forced_ to adopt now because of cloudflare's recent api changes. so...