Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 initialManifests not working as expected #7993

Closed
Tracked by #7561
wibed opened this issue Nov 28, 2023 · 4 comments · Fixed by #8024
Closed
Tracked by #7561

🐛 initialManifests not working as expected #7993

wibed opened this issue Nov 28, 2023 · 4 comments · Fixed by #8024
Assignees
@DmitriyMV

Comments

@wibed
Copy link

wibed commented Nov 28, 2023
edited
Loading

i get mapping errors trying to install manifests on bootstrap

first error:

"controller": "k8s.ExtraManifestController", "error": "1 error occurred:\x5cn\x5ct* error upd 
 ating manifests: error loading JSON manifest into unstructured: json: cannot unmarshal string into Go  
 value of type map[string]interface {}\x5cn\x5cn"}

cleaned the file with the online tool:
https://validkube.com
there was a empty resources: [] generated somewhere

then the error changed into:

10.0.48.58: user: warning: [2023-11-28T07:11:06.121738599Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.ExtraManifestController", "error": "1 error occurred:\x5cn\x5ct* error updating manifests: error converting manifest to JSON: yaml: line 2: mapping values are not allowed in this context\x5cn\x5cn"}

it worked with a helm install right of the bat.

the patch.yaml

machine:
  certSANs:
    - 192.168.1.241
    - 10.0.48.66
    - 127.0.0.1
  features:
    kubePrism:
      enabled: true
      port: 7445
cluster:
  apiServer:
    certSANs:
      - 192.168.1.241
      - 10.0.48.66
      - 127.0.0.1
  network:
    cni:
      name: none
  proxy:
   disabled: true
  inlineManifests:
    - name: cilium
      contents: |

        --
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: cilium
          namespace: kube-system
        ---
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: cilium-operator
          namespace: kube-system
        ---
        apiVersion: v1
        data:
          ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU52K1VZVHBvZE5NOWU1UXMveW5uS2N3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEl6TVRFeU9EQTFNakV3TTFvWERUSTJNVEV5TnpBMQpNakV3TTFvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFybjhWQ2FqZmJ0M1YrNjBLb200cnMrQWw4NzNndDg1cFRCTU9JcXVrbkdyWVNPaisKRit4Zmo1MjZmZXE0VjJGVGl2d2RxWkFDVHJZV0ZaWkl0WklycW8rODFYUkNWa0R0UVVOVERRVmFuTGcwaS9wOApRQTEyemludy9QSi9XeGJMb2Y1a0tlWW5JYTBxaFJxTWJteWlNQlBGOFZaS1A1Kyt1ZEJsTkloRFNRanluWlIwClYrVnBNb2JSbXhlUFVlTGJzRnJJSENzMEhXbGhDWW51bTM0a2VKbTBaekhjSzJXSVo1MWxYWTQ0VTQrWWdiNzkKcjFMNjNEKzZ2MHZTR3VPaVFuOGxqcjRyZ0hnMGNoQWpPTytSY2NqRk9WZHlXN1pKZkl3YytSYngrZUlLTC9GOAoxcFNISHlWVGE3eWNIMW1WcmtzWXZkcHJ6cHFzUHlIUGJUcmlDUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGTHh6T1hvRGhhRGtBVnVpU0NtbU1CcWR1dFVwTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQWdlam9jSllsWWhBUWZGY04yeldCeGpFTFFLRGtYL2VvNnZvZVNZL1pmMk8yR3J2OEpBeUkvCjZxNUNGOCtxU210WXBxOCtlU2Q5Q2QwV2s1V0Vqd3NsbHdTSlNQYjkxRU5vajlLUll4RjlCWVF6SC82Wm4xczEKMFNBQ0wxU09mWndrbEtQcC9IN0R1ayt5TFp2ektwOWtkSWpmeE8rLzByNC9Gd3Q3REZVZ21jUS9QUnpJZDNleAptZFlSMGpPeE5PY2NQaytvWURtM3lGeEdhZ1BPeSszYlErY3lkeUQwUTM3SHlnU2ZsL0ZVTE1xa1h0c0ZzNFd2ClluTWtDS0lXSTBPVUFQSExZdnhVWUVoR250dVFwdUlldE41WVU0dUU1eHlhUnZsN3R0bVBOYld3WG5FUG0yMmMKWmxkbk9YVkEwNG5pSTgvYmJaell4YmRWdGdsSTB0a0oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
          ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcm44VkNhamZidDNWKzYwS29tNHJzK0FsODczZ3Q4NXBUQk1PSXF1a25HcllTT2orCkYreGZqNTI2ZmVxNFYyRlRpdndkcVpBQ1RyWVdGWlpJdFpJcnFvKzgxWFJDVmtEdFFVTlREUVZhbkxnMGkvcDgKUUExMnppbncvUEovV3hiTG9mNWtLZVluSWEwcWhScU1ibXlpTUJQRjhWWktQNSsrdWRCbE5JaERTUWp5blpSMApWK1ZwTW9iUm14ZVBVZUxic0ZySUhDczBIV2xoQ1ludW0zNGtlSm0wWnpIY0syV0laNTFsWFk0NFU0K1lnYjc5CnIxTDYzRCs2djB2U0d1T2lRbjhsanI0cmdIZzBjaEFqT08rUmNjakZPVmR5VzdaSmZJd2MrUmJ4K2VJS0wvRjgKMXBTSEh5VlRhN3ljSDFtVnJrc1l2ZHByenBxc1B5SFBiVHJpQ1FJREFRQUJBb0lCQUJoejlwN0Q2NHU5eXA3YQpRUU5DTFIybjY2bWNra0V2eTlHOVdkM0I3Kzk3aVpPdUV1MkhVbHp0M1pTSHNBMk90Z1prRGtRVXlqMzlobHJBCkZMQmRLNEZiWXpzR2I4Vm1rOWp4ZGxIOHpoWG9PblRqUlVZMG5OR0hUeDRqWFhXR1hFTDNRMUlienFBSmhFdmkKeklzczdnMk90ODU2S1MyQlZWajB1em9CWG14OWVRaTVnL2d4cFNpdnJML1BWTkQ0Zm1RVnB3eTBSdlRRTE9IdAprUW1jUWpEUWNWMUZEbjFRekpCYXlrWXFWbTZlcVJUT2xaUWQ0eUdVUlcwaVNacTd3TzY3RTNOZ3FFQmZBZHFmCnZmYlpWaDQ0NjBZajZ4K0MzbnhLNUp0b0duR0IvaWIwSG5WNTQ1OVBHOWt3YW00ajZWc2NLQURkSVVxWGFUb2cKc0tpaDNnRUNnWUVBd1Q2MEdXdEdBcGV0L2RnVnIrSXR6V1RKUkxqbGk5OHlEN3k5bjRnbGVtcGRPM2E1OURRRwp1MklLbjJ0N3JVNlpGOGYrZ2xvZXNqMjJaVnRvc2ZXSWl6NFcyY0FuOG04Rjk3NHB3S2g1OHdORjFhdU5KcXF0Cjd3OEtnZXc2aFVzaHJhUXhQNWpWQ2pnT01LSzFQSDFSMXQ0S2dLR1hCdXZvTWxuY1BnMXBRVTBDZ1lFQTV5bTcKYmczcVpzTk1NQmkvU25kZE5vZXFMYkVCVVhlTTVxWW13MGVhVjZEay96ODY3Rnd2UUE1Sng3UHpheHFzc3dheAo2NlhWRmNwN3dpeGVlbEhPUnVSb1BEMkdTZnk2YlF3cGZaWU55WHQ0Mi9UV1RXRkJmd1hHUTNYQzF3SE9NbCtJCnlRUDdjWDhaRGduTlN5aFNCR3BwaWV2ejhuNy9oc2xYLzdpQVJhMENnWUEvejczVyt2Wm1Xc0hvcGRjYmVqdVgKckdWTjNTUm5tSzlHUlJQMHZ4ZHBJZ0JoWjJZbVBwdk9lcVI1V2h1LzhjbFo4ZitYK2J4VExVK3lqb20yNGhaUgpySklORzRmVlpWWDZKZ0JSanhDZDc0RzYrZWdsVVkwWCtNYUdlb1FraWRlNEtCVGZKRStORFUrYVBkQk5CakRsCkcvTXA0TEluWmZVSjAyU0gxUlBoclFLQmdRQ0c4TXlSL1J1VkszSmhMVUVWaGtKcW41MVBHT0hOSGIycHN0b3oKNnF1RmRjM1gxcUJkODU0OWhWbTZjeWlvb0NTcVNVRTViMC9KYmE3NjlZMmRWLzNUVW1ncXFqdW5HeG4wcUVIYwpKdWtiY2JGbXJURWdjS0tjTk5HODlaUnNrSWcrelpmNnlCRlMrciswZXpKVktrOWVkb1B2V0ViS2l5bzlFM0lFClBEN2M3UUtCZ1FDRXJhOE1TOFpQbWFSVk9Cc0RPcGtEMjBtYi9FVDZLbWFTUHJLOHpRSTg5MUhSd2RhS3NTTWEKQVBTdkJNTDRnK2lZUEU3RWtrVkpMQnE1MG9NYSsyWDhhL1lxK0R2TWZLVXlqMjc1cXc2Q0sxMDVOSnFjNi9jKwo5dTZCVlJ3aEVoTU9TV1RBcEdtdStlNlBGZDFkMU5uUEN6eHpWVGcwSjVhS0xVNU0yclJCY1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
        kind: Secret
        metadata:
          name: cilium-ca
          namespace: kube-system
        ---
        apiVersion: v1
        data:
          ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU52K1VZVHBvZE5NOWU1UXMveW5uS2N3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEl6TVRFeU9EQTFNakV3TTFvWERUSTJNVEV5TnpBMQpNakV3TTFvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFybjhWQ2FqZmJ0M1YrNjBLb200cnMrQWw4NzNndDg1cFRCTU9JcXVrbkdyWVNPaisKRit4Zmo1MjZmZXE0VjJGVGl2d2RxWkFDVHJZV0ZaWkl0WklycW8rODFYUkNWa0R0UVVOVERRVmFuTGcwaS9wOApRQTEyemludy9QSi9XeGJMb2Y1a0tlWW5JYTBxaFJxTWJteWlNQlBGOFZaS1A1Kyt1ZEJsTkloRFNRanluWlIwClYrVnBNb2JSbXhlUFVlTGJzRnJJSENzMEhXbGhDWW51bTM0a2VKbTBaekhjSzJXSVo1MWxYWTQ0VTQrWWdiNzkKcjFMNjNEKzZ2MHZTR3VPaVFuOGxqcjRyZ0hnMGNoQWpPTytSY2NqRk9WZHlXN1pKZkl3YytSYngrZUlLTC9GOAoxcFNISHlWVGE3eWNIMW1WcmtzWXZkcHJ6cHFzUHlIUGJUcmlDUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGTHh6T1hvRGhhRGtBVnVpU0NtbU1CcWR1dFVwTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQWdlam9jSllsWWhBUWZGY04yeldCeGpFTFFLRGtYL2VvNnZvZVNZL1pmMk8yR3J2OEpBeUkvCjZxNUNGOCtxU210WXBxOCtlU2Q5Q2QwV2s1V0Vqd3NsbHdTSlNQYjkxRU5vajlLUll4RjlCWVF6SC82Wm4xczEKMFNBQ0wxU09mWndrbEtQcC9IN0R1ayt5TFp2ektwOWtkSWpmeE8rLzByNC9Gd3Q3REZVZ21jUS9QUnpJZDNleAptZFlSMGpPeE5PY2NQaytvWURtM3lGeEdhZ1BPeSszYlErY3lkeUQwUTM3SHlnU2ZsL0ZVTE1xa1h0c0ZzNFd2ClluTWtDS0lXSTBPVUFQSExZdnhVWUVoR250dVFwdUlldE41WVU0dUU1eHlhUnZsN3R0bVBOYld3WG5FUG0yMmMKWmxkbk9YVkEwNG5pSTgvYmJaell4YmRWdGdsSTB0a0oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
          tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWakNDQWo2Z0F3SUJBZ0lRREZIdEszcHdVeHhuWndPT0paMWc0ekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05Nak14TVRJNE1EVXlNVEEwV2hjTk1qWXhNVEkzTURVeQpNVEEwV2pBcU1TZ3dKZ1lEVlFRRERCOHFMbVJsWm1GMWJIUXVhSFZpWW14bExXZHljR011WTJsc2FYVnRMbWx2Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNUlrN1F6WGdvOVJSdTB0UUc4VWoKa09jU2pXZllISUFtbXl3dHoxQWt0U2pFTi9FcmpZOFcxdVRFNGs4YXgrL2dvNjVGSFJueTRMZFhHWFg0R1dNdwpPa1hzdTk5ZEpDeU9JS280SEluNUJscmJhbGxaS0dNU3dFelRJNGNzQndiODB2dlphbC9OTndyOU1JM3p3NWFXCk9lRHN3VHVBdERLSXpiNXg1emM2TkNneTFWMlhMTnZwVFU0TlRsWTdxQXhpa0dleElCTlVQdkJVZ243Z2N0UFUKaEI5cFp4Y0tMSCsraEFmK2RYanNlczVVSGFXRDNHMVBxTkw1WVhRZGZiemdrTFFnaEtMeUgrRUpKZlZzakFIdQpya3hHRXlURmY4a25DOW5PM1dvMHBUMFhXTEJpMXh4cTFBcjFhZUJ4RU4rWEZzMTZycC9iMWhQbUZ4eTVzdVJsClpRSURBUUFCbzRHTk1JR0tNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0QKQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTOGN6bDZBNFdnNUFGYgpva2dwcGpBYW5iclZLVEFxQmdOVkhSRUVJekFoZ2g4cUxtUmxabUYxYkhRdWFIVmlZbXhsTFdkeWNHTXVZMmxzCmFYVnRMbWx2TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDV25hQ0dPZVNFVTI4YXJZd3pEWDFtZ1Evakw2M3gKbnp4Y0N1djY1aG9hOWZjOHFzK0Z0Sm80dkFLekc3bHBhMTdZaFFhNDM2b0VCbm1aSkc1eUt2NU81MmUyYWlNdwpJclBwbTFRdStFZC9KQ3ZpRDhsV3hZWGtsZUVoTTd3dDRpQlRjUHgvUkdiaGRSNzlSUW4vNy9ITlZjOHlpTmNlCnFLclVjYW9KUU94Vk1zcGI4Mk94a01DWkFUZW5yMU9ZWUtwdlF0NjNseFdKRWt1NG5HUmg1WjNqclBmYUtwbUIKVHp3elBQY3EyYmpRNlBDS211NHRpK0VyMmMyNEJwVXdxeHpMdXFkMDA5N0E0aVF1endjUzFiTnE1bW94TkNVMQowbmt1MjMwZklwdE9NOHphaWN2TE0rL1FzM0d6cE1HZmpIb2s2ajc0UTNWdE1WWXA1VWF2TXU3RwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
          tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNUlrN1F6WGdvOVJSdTB0UUc4VWprT2NTaldmWUhJQW1teXd0ejFBa3RTakVOL0VyCmpZOFcxdVRFNGs4YXgrL2dvNjVGSFJueTRMZFhHWFg0R1dNd09rWHN1OTlkSkN5T0lLbzRISW41QmxyYmFsbFoKS0dNU3dFelRJNGNzQndiODB2dlphbC9OTndyOU1JM3p3NWFXT2VEc3dUdUF0REtJemI1eDV6YzZOQ2d5MVYyWApMTnZwVFU0TlRsWTdxQXhpa0dleElCTlVQdkJVZ243Z2N0UFVoQjlwWnhjS0xIKytoQWYrZFhqc2VzNVVIYVdECjNHMVBxTkw1WVhRZGZiemdrTFFnaEtMeUgrRUpKZlZzakFIdXJreEdFeVRGZjhrbkM5bk8zV28wcFQwWFdMQmkKMXh4cTFBcjFhZUJ4RU4rWEZzMTZycC9iMWhQbUZ4eTVzdVJsWlFJREFRQUJBb0lCQVFETlVuM3I1SHZ1dE5LNQpjdkNHQXBmeGw2a1RZampIWWx0TkRtUVozZWNjMjROdXZ6NWg4Q3lVNVBQK1h4T3dqZE5GTzB6YzJITmRjVnJQCmhTMWhvYnV5bnlBUnFwd0Q1QVBOVlNFVWd1RTQxR2hOSS9qMlVBeUl1SHo1Ym5nZjJDZE5admZ1bWlQRlVCb3AKaFY5OFdjNmVNWGFFSlBGODgrbjA3eVZtbGplMG9yWm8xcDN1UjQ2QWtrdnBNL1g0UnB5bXIzTEFrWTd4ZW9OcgpXeURHNWdmczVSMXorRnBYd0hvZlVwN0ZPR0VqS0hHMzRyUFJ2SHFSKzlNaUFaVXRJZVJlOENENnJYTlBKZjY1CkZPU2UvNXhSTHltalRObkpOVzduZTBlKzkxZ0tYUlJsd3VIK1o3YWRKTnBRQkdkYUZHMzlZbmptS2ZMcStMOUcKSStqTlFrQUJBb0dCQVBIL0E4dU5vYnFNcC9ValdMaEc5VmhHVm44dHc1UzF2aWVkK0oxSWxsVFRUaDZzRGMzLwo3RERpY0NDWVBUMTAvYzZiUzFkUlZaYndmT3RLb3dZaDUzcmp3ekUrdW9VanYrTVBDV3RCV2ZlWXUyWnBSdVBvCm5uN05NM0l5MklpQ3RCZmdsUFpwZWFOSERxNlRxK1ZiVnlIeCtkdkJLQzBFZnAzN09OdDh4NDBKQW9HQkFQSEMKME55VEdWeWhWMHJVdXQrUnpPNkxaK2JpdGMxdmpneTZYODlDc3BVSTFKWUh2Y09kL1g0d1NTQ0xDNmZ5UzJ3TQpBS21JWU5uRkxZdTd2RUtRZHJaZUdxeVZKa2NuL0JSc2lud09yQ2pSNWd0RkxYbjdSajFFVDFiWkN1VGtoOEJLCnBqM3ovbUFFUFcxSS9sS0llUjQvdnhKZVNqZWh6NGhrWFB4VCtraDlBb0dBSkdEdHRSL3BmQjNBOGYwS1RVbDkKZ0hPeWRSUHdIdDdqWXhsQVVvU2k5TVYvTE9VNGZndEcrbUpQOE5aeC9sY2tBSGNmOEZSdHhXOEptR1Z6OUd3TQpYRkQ0K3VJdkwreWI0QXBXcENVQzNWRzhlanpCUjJta3lmTVhGTWZIL1YySXJUNDVwb0ZjbzhyK3pnZXRBNkdqCmk1clFzTlJzc2JmSFFRQ1BINCsyZitFQ2dZQjYzdVIvOWxNQmZRNThmYm1zUHRIRXV4MUhmeG1mRzM4NmdNNkkKN0FFUE5ibTF0cUYvZGlDTHJjYTh2MjVoSVFlc0ZqMlA3RHdzOGNYQUt0MzNocXlPNnl6clliSmVuN2ZDT1pmNApqUXg2Z3BORVR4aFowcGRVTkErT3VDaU5SSWlwOWthZlhnNStoaWtpRGVNVDEwQ1hXeGFsSXo3ZEgyUDJrZXVnCllwM2xrUUtCZ1FDK0ZDanRPYTA1eXpOemd1RjNxczFoTVhtTXNRMVEvMXNXbUZRZzdVRlRya1Z5T0lseW56OWYKNUM3WHROazBHREdyUFArN016amh2SlhYYUlqWElmbngveDY2ZXF5RmZhRGdNcFFUQ0NHSEU1cTYwVTQrdk1aVgpPSk9BMWdGLzM0UmQ4RmFOc0JQN0pBWEtOa2gva0RoUXgzaG9rRHB0NWIzbVBhOXYwa3NoSGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
        kind: Secret
        metadata:
          name: hubble-server-certs
          namespace: kube-system
        type: kubernetes.io/tls
        ---
        apiVersion: v1
        data:
          agent-not-ready-taint-key: node.cilium.io/agent-not-ready
          arping-refresh-period: 30s
          auto-direct-node-routes: "false"
          bpf-lb-external-clusterip: "false"
          bpf-lb-map-max: "65536"
          bpf-lb-sock: "false"
          bpf-map-dynamic-size-ratio: "0.0025"
          bpf-policy-map-max: "16384"
          bpf-root: /sys/fs/bpf
          cgroup-root: /sys/fs/cgroup
          cilium-endpoint-gc-interval: 5m0s
          cluster-id: "0"
          cluster-name: default
          cni-exclusive: "true"
          cni-log-file: /var/run/cilium/cilium-cni.log
          cnp-node-status-gc-interval: 0s
          custom-cni-conf: "false"
          debug: "false"
          disable-cnp-status-updates: "true"
          egress-gateway-reconciliation-trigger-interval: 1s
          enable-auto-protect-node-port-range: "true"
          enable-bgp-control-plane: "false"
          enable-bpf-clock-probe: "false"
          enable-endpoint-health-checking: "true"
          enable-health-check-nodeport: "true"
          enable-health-checking: "true"
          enable-hubble: "true"
          enable-ipv4: "true"
          enable-ipv4-big-tcp: "false"
          enable-ipv4-masquerade: "true"
          enable-ipv6: "false"
          enable-ipv6-big-tcp: "false"
          enable-ipv6-masquerade: "true"
          enable-k8s-networkpolicy: "true"
          enable-k8s-terminating-endpoint: "true"
          enable-l2-neigh-discovery: "true"
          enable-l7-proxy: "true"
          enable-local-redirect-policy: "false"
          enable-policy: default
          enable-remote-node-identity: "true"
          enable-sctp: "false"
          enable-svc-source-range-check: "true"
          enable-vtep: "false"
          enable-well-known-identities: "false"
          enable-xt-socket-fallback: "true"
          external-envoy-proxy: "false"
          hubble-disable-tls: "false"
          hubble-listen-address: :4244
          hubble-socket-path: /var/run/cilium/hubble.sock
          hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
          hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
          hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
          identity-allocation-mode: crd
          identity-gc-interval: 15m0s
          identity-heartbeat-timeout: 30m0s
          install-no-conntrack-iptables-rules: "false"
          ipam: kubernetes
          ipam-cilium-node-update-rate: 15s
          k8s-client-burst: "10"
          k8s-client-qps: "5"
          kube-proxy-replacement: "true"
          mesh-auth-enabled: "true"
          mesh-auth-gc-interval: 5m0s
          mesh-auth-queue-size: "1024"
          mesh-auth-rotated-identities-queue-size: "1024"
          monitor-aggregation: medium
          monitor-aggregation-flags: all
          monitor-aggregation-interval: 5s
          node-port-bind-protection: "true"
          nodes-gc-interval: 5m0s
          operator-api-serve-addr: 127.0.0.1:9234
          preallocate-bpf-maps: "false"
          procfs: /host/proc
          proxy-connect-timeout: "2"
          proxy-max-connection-duration-seconds: "0"
          proxy-max-requests-per-connection: "0"
          proxy-prometheus-port: "9964"
          remove-cilium-node-taints: "true"
          routing-mode: tunnel
          set-cilium-is-up-condition: "true"
          set-cilium-node-taints: "true"
          sidecar-istio-proxy-image: cilium/istio_proxy
          skip-cnp-status-startup-clean: "false"
          synchronize-k8s-nodes: "true"
          tofqdns-dns-reject-response-code: refused
          tofqdns-enable-dns-compression: "true"
          tofqdns-endpoint-max-ip-per-hostname: "50"
          tofqdns-idle-connection-grace-period: 0s
          tofqdns-max-deferred-connection-deletes: "10000"
          tofqdns-proxy-response-max-delay: 100ms
          tunnel-protocol: vxlan
          unmanaged-pod-watcher-interval: "15"
          write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
        kind: ConfigMap
        metadata:
          name: cilium-config
          namespace: kube-system
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRole
        metadata:
          labels:
            app.kubernetes.io/part-of: cilium
          name: cilium
        rules:
        - apiGroups:
          - networking.k8s.io
          resources:
          - networkpolicies
          verbs:
          - get
          - list
          - watch
        - apiGroups:
          - discovery.k8s.io
          resources:
          - endpointslices
          verbs:
          - get
          - list
          - watch
        - resources:
          - namespaces
          - services
          - pods
          - endpoints
          - nodes
          verbs:
          - get
          - list
          - watch
        - apiGroups:
          - apiextensions.k8s.io
          resources:
          - customresourcedefinitions
          verbs:
          - list
          - watch
          - get
        - apiGroups:
          - cilium.io
          resources:
          - ciliumloadbalancerippools
          - ciliumbgppeeringpolicies
          - ciliumclusterwideenvoyconfigs
          - ciliumclusterwidenetworkpolicies
          - ciliumegressgatewaypolicies
          - ciliumendpoints
          - ciliumendpointslices
          - ciliumenvoyconfigs
          - ciliumidentities
          - ciliumlocalredirectpolicies
          - ciliumnetworkpolicies
          - ciliumnodes
          - ciliumnodeconfigs
          - ciliumcidrgroups
          - ciliuml2announcementpolicies
          - ciliumpodippools
          verbs:
          - list
          - watch
        - apiGroups:
          - cilium.io
          resources:
          - ciliumidentities
          - ciliumendpoints
          - ciliumnodes
          verbs:
          - create
        - apiGroups:
          - cilium.io
          resources:
          - ciliumidentities
          verbs:
          - update
        - apiGroups:
          - cilium.io
          resources:
          - ciliumendpoints
          verbs:
          - delete
          - get
        - apiGroups:
          - cilium.io
          resources:
          - ciliumnodes
          - ciliumnodes/status
          verbs:
          - get
          - update
        - apiGroups:
          - cilium.io
          resources:
          - ciliumnetworkpolicies/status
          - ciliumclusterwidenetworkpolicies/status
          - ciliumendpoints/status
          - ciliumendpoints
          - ciliuml2announcementpolicies/status
          verbs:
          - patch
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRole
        metadata:
          labels:
            app.kubernetes.io/part-of: cilium
          name: cilium-operator
        rules:
        - resources:
          - pods
          verbs:
          - get
          - list
          - watch
          - delete
        - resources:
          - nodes
          verbs:
          - list
          - watch
        - resources:
          - nodes
          - nodes/status
          verbs:
          - patch
        - apiGroups:
          - discovery.k8s.io
          resources:
          - endpointslices
          verbs:
          - get
          - list
          - watch
        - resources:
          - services/status
          verbs:
          - update
          - patch
        - resources:
          - namespaces
          verbs:
          - get
          - list
          - watch
        - resources:
          - services
          - endpoints
          verbs:
          - get
          - list
          - watch
        - apiGroups:
          - cilium.io
          resources:
          - ciliumnetworkpolicies
          - ciliumclusterwidenetworkpolicies
          verbs:
          - create
          - update
          - deletecollection
          - patch
          - get
          - list
          - watch
        - apiGroups:
          - cilium.io
          resources:
          - ciliumnetworkpolicies/status
          - ciliumclusterwidenetworkpolicies/status
          verbs:
          - patch
          - update
        - apiGroups:
          - cilium.io
          resources:
          - ciliumendpoints
          - ciliumidentities
          verbs:
          - delete
          - list
          - watch
        - apiGroups:
          - cilium.io
          resources:
          - ciliumidentities
          verbs:
          - update
        - apiGroups:
          - cilium.io
          resources:
          - ciliumnodes
          verbs:
          - create
          - update
          - get
          - list
          - watch
          - delete
        - apiGroups:
          - cilium.io
          resources:
          - ciliumnodes/status
          verbs:
          - update
        - apiGroups:
          - cilium.io
          resources:
          - ciliumendpointslices
          - ciliumenvoyconfigs
          verbs:
          - create
          - update
          - get
          - list
          - watch
          - delete
          - patch
        - apiGroups:
          - apiextensions.k8s.io
          resources:
          - customresourcedefinitions
          verbs:
          - create
          - get
          - list
          - watch
        - apiGroups:
          - apiextensions.k8s.io
          resourceNames:
          - ciliumloadbalancerippools.cilium.io
          - ciliumbgppeeringpolicies.cilium.io
          - ciliumclusterwideenvoyconfigs.cilium.io
          - ciliumclusterwidenetworkpolicies.cilium.io
          - ciliumegressgatewaypolicies.cilium.io
          - ciliumendpoints.cilium.io
          - ciliumendpointslices.cilium.io
          - ciliumenvoyconfigs.cilium.io
          - ciliumexternalworkloads.cilium.io
          - ciliumidentities.cilium.io
          - ciliumlocalredirectpolicies.cilium.io
          - ciliumnetworkpolicies.cilium.io
          - ciliumnodes.cilium.io
          - ciliumnodeconfigs.cilium.io
          - ciliumcidrgroups.cilium.io
          - ciliuml2announcementpolicies.cilium.io
          - ciliumpodippools.cilium.io
          resources:
          - customresourcedefinitions
          verbs:
          - update
        - apiGroups:
          - cilium.io
          resources:
          - ciliumloadbalancerippools
          - ciliumpodippools
          verbs:
          - get
          - list
          - watch
        - apiGroups:
          - cilium.io
          resources:
          - ciliumpodippools
          verbs:
          - create
        - apiGroups:
          - cilium.io
          resources:
          - ciliumloadbalancerippools/status
          verbs:
          - patch
        - apiGroups:
          - coordination.k8s.io
          resources:
          - leases
          verbs:
          - create
          - get
          - update
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          labels:
            app.kubernetes.io/part-of: cilium
          name: cilium
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: cilium
        subjects:
        - kind: ServiceAccount
          name: cilium
          namespace: kube-system
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          labels:
            app.kubernetes.io/part-of: cilium
          name: cilium-operator
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: cilium-operator
        subjects:
        - kind: ServiceAccount
          name: cilium-operator
          namespace: kube-system
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: Role
        metadata:
          labels:
            app.kubernetes.io/part-of: cilium
          name: cilium-config-agent
          namespace: kube-system
        rules:
        - resources:
          - configmaps
          verbs:
          - get
          - list
          - watch
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: RoleBinding
        metadata:
          labels:
            app.kubernetes.io/part-of: cilium
          name: cilium-config-agent
          namespace: kube-system
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: Role
          name: cilium-config-agent
        subjects:
        - kind: ServiceAccount
          name: cilium
          namespace: kube-system
        ---
        apiVersion: v1
        kind: Service
        metadata:
          labels:
            app.kubernetes.io/name: hubble-peer
            app.kubernetes.io/part-of: cilium
            k8s-app: cilium
          name: hubble-peer
          namespace: kube-system
        spec:
          internalTrafficPolicy: Local
          ports:
          - name: peer-service
            port: 443
            targetPort: 4244
          selector:
            k8s-app: cilium
        ---
        apiVersion: apps/v1
        kind: DaemonSet
        metadata:
          labels:
            app.kubernetes.io/name: cilium-agent
            app.kubernetes.io/part-of: cilium
            k8s-app: cilium
          name: cilium
          namespace: kube-system
        spec:
          selector:
            matchLabels:
              k8s-app: cilium
          template:
            metadata:
              annotations:
                container.apparmor.security.beta.kubernetes.io/cilium-agent: unconfined
                container.apparmor.security.beta.kubernetes.io/clean-cilium-state: unconfined
              labels:
                app.kubernetes.io/name: cilium-agent
                app.kubernetes.io/part-of: cilium
                k8s-app: cilium
            spec:
              affinity:
                podAntiAffinity:
                  requiredDuringSchedulingIgnoredDuringExecution:
                  - labelSelector:
                      matchLabels:
                        k8s-app: cilium
                    topologyKey: kubernetes.io/hostname
              automountServiceAccountToken: true
              containers:
              - args:
                - --config-dir=/tmp/cilium/config-map
                command:
                - cilium-agent
                env:
                - name: K8S_NODE_NAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                - name: CILIUM_K8S_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: CILIUM_CLUSTERMESH_CONFIG
                  value: /var/lib/cilium/clustermesh/
                - name: KUBERNETES_SERVICE_HOST
                  value: localhost
                - name: KUBERNETES_SERVICE_PORT
                  value: "7445"
                image: quay.io/cilium/cilium:v1.14.0@sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a
                imagePullPolicy: IfNotPresent
                lifecycle:
                  preStop:
                    exec:
                      command:
                      - /cni-uninstall.sh
                livenessProbe:
                  failureThreshold: 10
                  httpGet:
                    host: 127.0.0.1
                    httpHeaders:
                    - name: brief
                      value: "true"
                    path: /healthz
                    port: 9879
                    scheme: HTTP
                  periodSeconds: 30
                  successThreshold: 1
                  timeoutSeconds: 5
                name: cilium-agent
                readinessProbe:
                  failureThreshold: 3
                  httpGet:
                    host: 127.0.0.1
                    httpHeaders:
                    - name: brief
                      value: "true"
                    path: /healthz
                    port: 9879
                    scheme: HTTP
                  periodSeconds: 30
                  successThreshold: 1
                  timeoutSeconds: 5
                securityContext:
                  capabilities:
                    add:
                    - CHOWN
                    - KILL
                    - NET_ADMIN
                    - NET_RAW
                    - IPC_LOCK
                    - SYS_ADMIN
                    - SYS_RESOURCE
                    - DAC_OVERRIDE
                    - FOWNER
                    - SETGID
                    - SETUID
                    drop:
                    - ALL
                  seLinuxOptions:
                    level: s0
                    type: spc_t
                startupProbe:
                  failureThreshold: 105
                  httpGet:
                    host: 127.0.0.1
                    httpHeaders:
                    - name: brief
                      value: "true"
                    path: /healthz
                    port: 9879
                    scheme: HTTP
                  periodSeconds: 2
                  successThreshold: 1
                terminationMessagePolicy: FallbackToLogsOnError
                volumeMounts:
                - mountPath: /host/proc/sys/net
                  name: host-proc-sys-net
                - mountPath: /host/proc/sys/kernel
                  name: host-proc-sys-kernel
                - mountPath: /sys/fs/bpf
                  mountPropagation: HostToContainer
                  name: bpf-maps
                - mountPath: /sys/fs/cgroup
                  name: cilium-cgroup
                - mountPath: /var/run/cilium
                  name: cilium-run
                - mountPath: /host/etc/cni/net.d
                  name: etc-cni-netd
                - mountPath: /var/lib/cilium/clustermesh
                  name: clustermesh-secrets
                  readOnly: true
                - mountPath: /lib/modules
                  name: lib-modules
                  readOnly: true
                - mountPath: /run/xtables.lock
                  name: xtables-lock
                - mountPath: /var/lib/cilium/tls/hubble
                  name: hubble-tls
                  readOnly: true
                - mountPath: /tmp
                  name: tmp
              hostNetwork: true
              initContainers:
              - command:
                - cilium
                - build-config
                env:
                - name: K8S_NODE_NAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                - name: CILIUM_K8S_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: KUBERNETES_SERVICE_HOST
                  value: localhost
                - name: KUBERNETES_SERVICE_PORT
                  value: "7445"
                image: quay.io/cilium/cilium:v1.14.0@sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a
                imagePullPolicy: IfNotPresent
                name: config
                terminationMessagePolicy: FallbackToLogsOnError
                volumeMounts:
                - mountPath: /tmp
                  name: tmp
              - args:
                - mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf
                command:
                - /bin/bash
                - -c
                - --
                image: quay.io/cilium/cilium:v1.14.0@sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a
                imagePullPolicy: IfNotPresent
                name: mount-bpf-fs
                securityContext:
                  privileged: true
                terminationMessagePolicy: FallbackToLogsOnError
                volumeMounts:
                - mountPath: /sys/fs/bpf
                  mountPropagation: Bidirectional
                  name: bpf-maps
              - command:
                - /init-container.sh
                env:
                - name: CILIUM_ALL_STATE
                  valueFrom:
                    configMapKeyRef:
                      key: clean-cilium-state
                      name: cilium-config
                      optional: true
                - name: CILIUM_BPF_STATE
                  valueFrom:
                    configMapKeyRef:
                      key: clean-cilium-bpf-state
                      name: cilium-config
                      optional: true
                - name: KUBERNETES_SERVICE_HOST
                  value: localhost
                - name: KUBERNETES_SERVICE_PORT
                  value: "7445"
                image: quay.io/cilium/cilium:v1.14.0@sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a
                imagePullPolicy: IfNotPresent
                name: clean-cilium-state
                resources:
                  requests:
                    cpu: 100m
                    memory: 100Mi
                securityContext:
                  capabilities:
                    add:
                    - NET_ADMIN
                    - SYS_ADMIN
                    - SYS_RESOURCE
                    drop:
                    - ALL
                  seLinuxOptions:
                    level: s0
                    type: spc_t
                terminationMessagePolicy: FallbackToLogsOnError
                volumeMounts:
                - mountPath: /sys/fs/bpf
                  name: bpf-maps
                - mountPath: /sys/fs/cgroup
                  mountPropagation: HostToContainer
                  name: cilium-cgroup
                - mountPath: /var/run/cilium
                  name: cilium-run
              - command:
                - /install-plugin.sh
                image: quay.io/cilium/cilium:v1.14.0@sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a
                imagePullPolicy: IfNotPresent
                name: install-cni-binaries
                resources:
                  requests:
                    cpu: 100m
                    memory: 10Mi
                securityContext:
                  capabilities:
                    drop:
                    - ALL
                  seLinuxOptions:
                    level: s0
                    type: spc_t
                terminationMessagePolicy: FallbackToLogsOnError
                volumeMounts:
                - mountPath: /host/opt/cni/bin
                  name: cni-path
              nodeSelector:
                kubernetes.io/os: linux
              priorityClassName: system-node-critical
              restartPolicy: Always
              serviceAccount: cilium
              serviceAccountName: cilium
              terminationGracePeriodSeconds: 1
              tolerations:
              - operator: Exists
              volumes:
              - name: tmp
              - hostPath:
                  path: /var/run/cilium
                  type: DirectoryOrCreate
                name: cilium-run
              - hostPath:
                  path: /sys/fs/bpf
                  type: DirectoryOrCreate
                name: bpf-maps
              - hostPath:
                  path: /sys/fs/cgroup
                  type: DirectoryOrCreate
                name: cilium-cgroup
              - hostPath:
                  path: /opt/cni/bin
                  type: DirectoryOrCreate
                name: cni-path
              - hostPath:
                  path: /etc/cni/net.d
                  type: DirectoryOrCreate
                name: etc-cni-netd
              - hostPath:
                  path: /lib/modules
                name: lib-modules
              - hostPath:
                  path: /run/xtables.lock
                  type: FileOrCreate
                name: xtables-lock
              - name: clustermesh-secrets
                projected:
                  defaultMode: 256
                  sources:
                  - secret:
                      name: cilium-clustermesh
                      optional: true
                  - secret:
                      items:
                      - key: tls.key
                        path: common-etcd-client.key
                      - key: tls.crt
                        path: common-etcd-client.crt
                      - key: ca.crt
                        path: common-etcd-client-ca.crt
                      name: clustermesh-apiserver-remote-cert
                      optional: true
              - hostPath:
                  path: /proc/sys/net
                  type: Directory
                name: host-proc-sys-net
              - hostPath:
                  path: /proc/sys/kernel
                  type: Directory
                name: host-proc-sys-kernel
              - name: hubble-tls
                projected:
                  defaultMode: 256
                  sources:
                  - secret:
                      items:
                      - key: tls.crt
                        path: server.crt
                      - key: tls.key
                        path: server.key
                      - key: ca.crt
                        path: client-ca.crt
                      name: hubble-server-certs
                      optional: true
          updateStrategy:
            rollingUpdate:
              maxUnavailable: 2
            type: RollingUpdate
        ---
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          labels:
            app.kubernetes.io/name: cilium-operator
            app.kubernetes.io/part-of: cilium
            io.cilium/app: operator
            name: cilium-operator
          name: cilium-operator
          namespace: kube-system
        spec:
          replicas: 2
          selector:
            matchLabels:
              io.cilium/app: operator
              name: cilium-operator
          strategy:
            rollingUpdate:
              maxSurge: 25%
              maxUnavailable: 50%
            type: RollingUpdate
          template:
            metadata:
              annotations: null
              labels:
                app.kubernetes.io/name: cilium-operator
                app.kubernetes.io/part-of: cilium
                io.cilium/app: operator
                name: cilium-operator
            spec:
              affinity:
                podAntiAffinity:
                  requiredDuringSchedulingIgnoredDuringExecution:
                  - labelSelector:
                      matchLabels:
                        io.cilium/app: operator
                    topologyKey: kubernetes.io/hostname
              automountServiceAccountToken: true
              containers:
              - args:
                - --config-dir=/tmp/cilium/config-map
                - --debug=$(CILIUM_DEBUG)
                command:
                - cilium-operator-generic
                env:
                - name: K8S_NODE_NAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                - name: CILIUM_K8S_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: CILIUM_DEBUG
                  valueFrom:
                    configMapKeyRef:
                      key: debug
                      name: cilium-config
                      optional: true
                - name: KUBERNETES_SERVICE_HOST
                  value: localhost
                - name: KUBERNETES_SERVICE_PORT
                  value: "7445"
                image: quay.io/cilium/operator-generic:v1.14.0@sha256:3014d4bcb8352f0ddef90fa3b5eb1bbf179b91024813a90a0066eb4517ba93c9
                imagePullPolicy: IfNotPresent
                livenessProbe:
                  httpGet:
                    host: 127.0.0.1
                    path: /healthz
                    port: 9234
                    scheme: HTTP
                  initialDelaySeconds: 60
                  periodSeconds: 10
                  timeoutSeconds: 3
                name: cilium-operator
                readinessProbe:
                  failureThreshold: 5
                  httpGet:
                    host: 127.0.0.1
                    path: /healthz
                    port: 9234
                    scheme: HTTP
                  initialDelaySeconds: 0
                  periodSeconds: 5
                  timeoutSeconds: 3
                terminationMessagePolicy: FallbackToLogsOnError
                volumeMounts:
                - mountPath: /tmp/cilium/config-map
                  name: cilium-config-path
                  readOnly: true
              hostNetwork: true
              nodeSelector:
                kubernetes.io/os: linux
              priorityClassName: system-cluster-critical
              restartPolicy: Always
              serviceAccount: cilium-operator
              serviceAccountName: cilium-operator
              tolerations:
              - operator: Exists
              volumes:
              - configMap:
                  name: cilium-config
                name: cilium-config-path
@smira smira mentioned this issue Nov 29, 2023
Closed
@smira smira changed the title initialManifests not working as expected 🐛 initialManifests not working as expected Nov 29, 2023
@DmitriyMV DmitriyMV self-assigned this Dec 4, 2023
DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Dec 4, 2023
@DmitriyMV
fix: trim leading and trailing spaces\newlines in inline manifest con…
44897ea 
…tents

In route `LoadPatches` -> `configpatcher.Apply` -> `configloader.NewFromBytes` it will transform leading newline into `|4` yaml.

Closes siderolabs#7993

Signed-off-by: Dmitriy Matrenichev <[email protected]>
DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Dec 4, 2023
@DmitriyMV
fix: trim leading and trailing spaces\newlines in inline manifest con…
b0b914c 
…tents

In route `LoadPatches` -> `configpatcher.Apply` -> `configloader.NewFromBytes` any leading newlines will be transformed  into `|4` yaml. We want to prevent that.

Closes siderolabs#7993

Signed-off-by: Dmitriy Matrenichev <[email protected]>
@DmitriyMV DmitriyMV mentioned this issue Dec 4, 2023
Merged
@DmitriyMV
Copy link
Member

DmitriyMV commented Dec 4, 2023
edited
Loading

@wibed

Hey! Thanks for the report. I believe the culprit is here:

...
      contents: |

        --
        apiVersion: v1
...

Removing this newline before -- solves the issue but we probably need to trim those too on Talos end.

DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Dec 4, 2023
@DmitriyMV
fix: trim leading and trailing spaces\newlines in inline manifest con…
5afd8cd 
…tents

In route `LoadPatches` -> `configpatcher.Apply` -> `configloader.NewFromBytes` any leading newlines will be transformed  into `|4` yaml. We want to prevent that.

Closes siderolabs#7993

Signed-off-by: Dmitriy Matrenichev <[email protected]>
@DmitriyMV
Copy link
Member

@wibed If you don't mind - how did you generate this patch? Manually? The reason I'm asking is that I'm curious we we are inserting this newlines ourselves somewhere.

@wibed
Copy link
Author

wibed commented Dec 4, 2023

@wibed If you don't mind - how did you generate this patch? Manually? The reason I'm asking is that I'm curious we we are inserting this newlines ourselves somewhere.

yes i did a "create-patch-command" (might be a cat idr) >> patch.yaml

DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Dec 4, 2023
@DmitriyMV
fix: trim leading spaces\newlines in inline manifest contents
8948b00 
In route `LoadPatches` -> `configpatcher.Apply` -> `configloader.NewFromBytes` any leading newlines will be transformed  into `|4` yaml. We want to prevent that.

Closes siderolabs#7993

Signed-off-by: Dmitriy Matrenichev <[email protected]>
@DmitriyMV
Copy link
Member

DmitriyMV commented Dec 4, 2023
edited
Loading

@wibed

"create-patch-command" (might be a cat idr)

Can you elaborate on that?

DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Dec 4, 2023
@DmitriyMV
fix: trim leading spaces\newlines in inline manifest contents
6c1bb6d 
In route `LoadPatches` -> `configpatcher.Apply` -> `configloader.NewFromBytes` any leading newlines will be transformed  into `|4` yaml. We want to prevent that.

Closes siderolabs#7993

Signed-off-by: Dmitriy Matrenichev <[email protected]>
smira pushed a commit to smira/talos that referenced this issue Dec 8, 2023
@DmitriyMV @smira
fix: trim leading spaces\newlines in inline manifest contents
fee63ac 
In route `LoadPatches` -> `configpatcher.Apply` -> `configloader.NewFromBytes` any leading newlines will be transformed  into `|4` yaml. We want to prevent that.

Closes siderolabs#7993

Signed-off-by: Dmitriy Matrenichev <[email protected]>
(cherry picked from commit eecc4db)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@DmitriyMV DmitriyMV

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: trim leading spaces\newlines in inline manifest contents DmitriyMV/talos
2 participants
@DmitriyMV @wibed