I'm currently in the process of migrating my homelab, which runs on containers in a Proxmox VM, to a Kubernetes cluster set up with three VMs using Talos Linux. When using kubectl, everything runs smoothly, but I've hit a snag while transitioning to a GitOps approach with ArgoCD.
I initially deployed Cilium using a Helm template to generate a YAML file, which worked perfectly. However, when I pushed my Argo app.yaml for Cilium using Helm combined with values.yaml files, I started getting errors when Argo attempts to apply it. The specific error messages I receive indicate issues with container creation, with an OCI runtime error stating it can't apply capabilities because of permission issues.
I've tried several things: removing all capabilities didn't help, setting 'privileged: true' also didn't resolve the issue, and disabling the initContainer didn't either. This whole process is quite frustrating since I don't have anyone to turn to for advice—except for a language model, which hasn't been very helpful!
4 Answers
You might want to try using the Cilium CLI instead of Argo to see if the same issue occurs there. It could help rule out any potential issues specific to Argo.
Make sure your Cilium containers are given the correct capabilities. I also use Argo CD with Cilium in my home setup. Here’s a link to my values file for reference—it might be helpful. [GitHub repo](https://github.com/Tiagura/k8s-gitops/blob/main/infrastructure/networking/cilium/values.yaml)
In my opinion, rendering Helm inside Argo doesn't really fit the GitOps model. Ideally, GitOps should involve the rendered manifests being stored in Git. But that's just my take.
First, check what namespace you're deploying Cilium into. It needs to have the right privileges assigned. Make sure it's in the kube-system namespace, as that one usually has the necessary permissions.
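An added example, not part of the thread and not code from Cilium or Argo CD: since the `helm template` output applied with kubectl worked and the Argo-rendered one did not, comparing the per-container `securityContext` of the two renderings shows which capabilities or privileged flags differ. The function names and the sample DaemonSets (already parsed into dicts) are constructed for illustration.

```python
def security_contexts(workload):
    """Map container name -> privileged flag and added/dropped capabilities."""
    pod = workload["spec"]["template"]["spec"]
    out = {}
    for kind in ("initContainers", "containers"):
        for c in pod.get(kind) or []:
            sc = c.get("securityContext") or {}
            caps = sc.get("capabilities") or {}
            out[c["name"]] = {
                "privileged": bool(sc.get("privileged", False)),
                "add": set(caps.get("add") or []),
                "drop": set(caps.get("drop") or []),
            }
    return out

def diff_security(working, failing):
    """List every securityContext difference between two renderings."""
    a, b = security_contexts(working), security_contexts(failing)
    findings = []
    for name in sorted(a.keys() | b.keys()):
        if name not in a or name not in b:
            side = "failing" if name in b else "working"
            findings.append(f"{name}: only in the {side} render")
            continue
        if a[name]["privileged"] != b[name]["privileged"]:
            findings.append(f"{name}: privileged is {b[name]['privileged']}")
        for field in ("add", "drop"):
            for cap in sorted(b[name][field] - a[name][field]):
                findings.append(f"{name}: capabilities.{field} gained {cap}")
            for cap in sorted(a[name][field] - b[name][field]):
                findings.append(f"{name}: capabilities.{field} lost {cap}")
    return findings

def _daemonset(agent_caps):
    # Constructed sample, trimmed to the fields compared above.
    init = {"name": "clean-cilium-state", "securityContext": {
        "capabilities": {"add": ["NET_ADMIN", "SYS_ADMIN"], "drop": ["ALL"]}}}
    agent = {"name": "cilium-agent", "securityContext": {
        "capabilities": {"add": agent_caps, "drop": ["ALL"]}}}
    return {"kind": "DaemonSet", "spec": {"template": {"spec": {
        "initContainers": [init], "containers": [agent]}}}}

# Constructed inputs: the capability lists are illustrative, not taken from the thread.
WORKING = _daemonset(["NET_ADMIN", "NET_RAW", "SYS_ADMIN"])
FAILING = _daemonset(["NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE"])

if __name__ == "__main__":
    for line in diff_security(WORKING, FAILING):
        print(line)
```

An empty result means the two renderings request the same privileges, so the difference lies elsewhere, for example in the target namespace.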
