Fedora and RHEL use etc_t and the convention is <type_name>_t (#7891)

* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
pull/7920/head
Cristian Calin 2021-08-28 00:20:53 +03:00 committed by GitHub
parent 425b6741c6
commit 1afdb05ea9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 3 deletions

View File

@ -180,6 +180,13 @@ packet_fedora33-calico:
variables: variables:
MITOGEN_ENABLE: "true" MITOGEN_ENABLE: "true"
packet_fedora34-calico-selinux:
stage: deploy-part2
extends: .packet_periodic
when: on_success
variables:
MITOGEN_ENABLE: "true"
packet_amazon-linux-2-aio: packet_amazon-linux-2-aio:
stage: deploy-part2 stage: deploy-part2
extends: .packet_pr extends: .packet_pr

View File

@ -12,7 +12,7 @@ centos8 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x:
debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: |
fedora33 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora33 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora34 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | fedora34 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: | ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: |

View File

@ -26,7 +26,7 @@ Some variables of note include:
* *kube_version* - Specify a given Kubernetes version * *kube_version* - Specify a given Kubernetes version
* *searchdomains* - Array of DNS domains to search when looking up hostnames * *searchdomains* - Array of DNS domains to search when looking up hostnames
* *nameservers* - Array of nameservers to use for DNS lookup * *nameservers* - Array of nameservers to use for DNS lookup
* *preinstall_selinux_state* - Set selinux state, permitted values are permissive and disabled. * *preinstall_selinux_state* - Set selinux state, permitted values are permissive, enforcing and disabled.
## Addressing variables ## Addressing variables

View File

@ -17,7 +17,7 @@
template: template:
src: "kubelet.env.{{ kubeletConfig_api_version }}.j2" src: "kubelet.env.{{ kubeletConfig_api_version }}.j2"
dest: "{{ kube_config_dir }}/kubelet.env" dest: "{{ kube_config_dir }}/kubelet.env"
setype: "{{ (preinstall_selinux_state == 'enforcing') | ternary('t_etc', omit) }}" setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
backup: yes backup: yes
mode: 0640 mode: 0640
notify: Node | restart kubelet notify: Node | restart kubelet

View File

@ -0,0 +1,14 @@
---
# Instance settings
cloud_image: fedora-34
mode: default
# Kubespray settings
deploy_netchecker: true
dns_min_replicas: 1
kube_network_plugin: calico
auto_renew_certificates: true
# Test with SELinux in enforcing mode
preinstall_selinux_state: enforcing