use "force: true" to re-apply the shared-workload-clusters-settings ClusterPolicy
closes #968 (closed)
What does this MR do and why?
the MR !1490 (merged) introduced the following bug.
By adding the clone-os-images-info rule in the ClusterPolicy shared-workload-clusters-setttings
it prevent updating the kyverno policy during an apply.sh
The root cause is "using post build variable substitution" to pass to policy the configmap name containing os_images, the name of this configmap is varing between bootstrap.sh and any following apply.sh, to it changes the policy rules which seems to be forbidden by kyverno update schema.
Easiest solution is to enable "force: true" on sylva-unit
Another solution could consist to use a os_images configmap name that won't vary.
Edited by Alexandre Seitz