From bf54dc082b23b529dd6e588efd4245708ca2066e Mon Sep 17 00:00:00 2001
From: spaced <spaced.wombat@gmail.com>
Date: Tue, 13 Jul 2021 15:34:29 +0200
Subject: [PATCH] set selinux type t_etc if selinux state is enforcing (#7791)

---
 roles/kubernetes/node/tasks/kubelet.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index 88204e012..26560a72b 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -17,6 +17,7 @@
   template:
     src: "kubelet.env.{{ kubeletConfig_api_version }}.j2"
     dest: "{{ kube_config_dir }}/kubelet.env"
+    setype: "{{ (preinstall_selinux_state == 'enforcing') | ternary('t_etc', omit) }}"
     backup: yes
     mode: 0640
   notify: Node | restart kubelet