[Bug]: Disabling SELINUX option is not working #1370

Open
un1xman opened this issue Jun 5, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@un1xman

un1xman commented Jun 5, 2024

Description

I have added disable_selinux = true to the module, but it does not have any effect on the node(s). SELINUX is initialized in enforcing mode on nodepools.

Kube.tf file

module "kube-hetzner" {
  providers = {
    hcloud = hcloud
  }

  hcloud_token = var.hcloud_token

  source = "kube-hetzner/kube-hetzner/hcloud"

  ssh_public_key  = file("keys/id_ed25519_terraform_hetzner_cloudb.pub")
  ssh_private_key = file("keys/id_ed25519_terraform_hetzner_cloudb")
  ssh_port = 22

  network_region = var.region #"eu-central"

  control_plane_nodepools = [
    {
      name        = "control-plane",
      server_type = "cax11",
      location    = "fsn1",
      labels      = [],
      taints      = [],
      count       = 2
      disable_selinux = true
      backups = false
      placement_group = "control-plane-servers"
    }
  ]

  agent_nodepools = [
    {
      name        = "server-nodepool01",
      server_type = "cpx31",
      location    = "fsn1",
      labels      = [],
      taints = [],
      disable_selinux = true
      count  = 3,
    },
    {
      name        = "server-nodepool02",
      server_type = "cpx31",
      location    = "fsn1",
      disable_selinux = true
    }
  ]

  load_balancer_type     = "lb11"
  load_balancer_location = "fsn1"

  enable_metrics_server = true

  create_kubeconfig = true
  export_values     = true




  dns_servers = [
    "1.1.1.1",
    "8.8.8.8",
    "2606:4700:4700::1111",
  ]

  autoscaler_nodepools = [
      {
        name        = "autoscaled-servers"
        server_type = "cpx31"
        location    = "fsn1"
        min_nodes   = 0
        max_nodes   = 5
        
        labels      = {}
        taints      = []
      }
    ]

  extra_firewall_rules = []

  restrict_outbound_traffic = false

  enable_local_storage = true

  disable_selinux = true
}
output "kubeconfig" {
  value     = module.kube-hetzner.kubeconfig
  sensitive = true
}

output "cluster_id" {
  value = "mp-hke-${var.region}"
}

Screenshots

No response

Platform

Linux

@un1xman un1xman added the bug Something isn't working label Jun 5, 2024
@mysticaltech
Collaborator

@un1xman Thanks for the info. I will look into it. FYI, if you have selinux problems, please see #697 to know how to submit the needed changes.

@janpieper

@un1xman You're currently using disable_selinux everywhere, but only the global option is called disable_selinux - For the node pools it is only called selinux.

@mysticaltech For control planes the SELinux option is hardcoded to true
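
An added example, not part of the thread or of the kube-hetzner project's code: a small Python check that scans a kube.tf for the SELinux keys that, per the comment above, have no effect inside node pool lists. The sample input is constructed from the configuration posted in the issue; the function name and the line-based matching (not a full HCL parser) are assumptions made for illustration.

```python
import re

# Constructed sample, shortened from the kube.tf posted in the issue.
# "selinux = false" assumes the node pool option is a boolean.
SAMPLE_KUBE_TF = '''
module "kube-hetzner" {
  control_plane_nodepools = [
    {
      name            = "control-plane",
      disable_selinux = true
    }
  ]
  agent_nodepools = [
    {
      name            = "server-nodepool01",
      disable_selinux = true
    },
    {
      name    = "server-nodepool02",
      selinux = false
    }
  ]
  disable_selinux = true
}
'''

LIST_START = re.compile(r'^\s*(\w+_nodepools)\s*=\s*\[')
SELINUX_KEY = re.compile(r'^\s*(disable_selinux|selinux)\s*=')

def find_ineffective_selinux_keys(tf_text):
    """Return (line_no, pool_list, key, reason) for keys the thread says do nothing."""
    findings, pool_list, depth = [], None, 0
    for line_no, raw in enumerate(tf_text.splitlines(), start=1):
        line = raw.split('#', 1)[0]            # ignore trailing comments
        if pool_list is None:
            start = LIST_START.match(line)
            if not start:
                continue                        # outside any *_nodepools list
            pool_list, depth = start.group(1), 0
        key = SELINUX_KEY.match(line)
        if key and pool_list == 'control_plane_nodepools':
            findings.append((line_no, pool_list, key.group(1), 'hardcoded for control planes'))
        elif key and key.group(1) == 'disable_selinux':
            findings.append((line_no, pool_list, key.group(1), 'node pools use "selinux"'))
        depth += line.count('[') - line.count(']')
        if depth <= 0:
            pool_list = None                    # closing bracket of the list reached
    return findings
```

The global `disable_selinux` on the module is not reported, since that is the one place the thread says the name is valid.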

@mysticaltech
Collaborator

Thanks @janpieper, appreciate the details.
