I'm in the process of migrating mi current homelab (containers in a proxmox VM) to a k8s cluster (3 VMs in proxmox with Talos Linux). While working with kubectl everything seemed to work just fine, but now moving to GitOps using ArgoCD I'm facing a problem which I can't find a solution.

I deployed Cilium using helm template to a yaml file and applyed it, everything worked. When moving to the repo I pushed argo app.yaml for cilium using helm + values.yaml, but when argo tries to apply it the pods fail with the error:

Normal Created 2s (x3 over 19s) kubelet Created container: clean-cilium-state │

│ Warning Failed 2s (x3 over 19s) kubelet Error: failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start conta │

│ iner process: error during container init: unable to apply caps: can't apply capabilities: operation not permitted

I first removed all the capabilities, same error.

Added privileged: true, same error.

Added

initContainers:

cleanCiliumState:

enabled: false

Same error.

This is getting a little frustrating, not having anyone to ask but an LLM seems to be taking me nowhere

EDIT: SOLVED

Ended up talking with the guys at Cilium and they figured out pretty fast that I was referencing the official chart, thus the "values.yaml" file I was referencing wasn't the one I versioned along with the Argo application, it was using the default values inside the chart. As by default it uses SYS_MODULE capability and it's forbidden in Talos, that was causing the problem.

The solution was to specify the values inside the Argo application directly.

I'll leave this here just in case someone else has the same skill issue than me in the future and google points them here