add RKE2 pre-reqs

0088c748 · runyontr · 051ed68c · 0088c748
Commit 0088c748 authored 4 years ago by runyontr
--- a/docs/d_prerequisites.md
+++ b/docs/d_prerequisites.md
@@ -42,4 +42,16 @@ metadata:
 EOF
 oc -n logging create -f NetworkAttachmentDefinition.yaml
 oc -n monitoring create -f NetworkAttachmentDefinition.yaml
-```
\ No newline at end of file
+```
+
+## RKE2
+
+### OPA Gatekeeper
+
+Default PSP configurations for RKE2 prevent OPA Gatekeeper from coming up correctly.  See [RKE2 Issue](https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform/-/issues/2) and [Big Bang Issue](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/10) Patching the PSPs in the cluster allow OPA Gatekeeper to start correctly:
+
+```bash
+kubectl patch psp system-unrestricted-psp  -p '{"metadata": {"annotations":{"seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*"}}}'
+kubectl patch psp global-unrestricted-psp  -p '{"metadata": {"annotations":{"seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*"}}}'
+kubectl patch psp global-restricted-psp  -p '{"metadata": {"annotations":{"seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*"}}}'
+```