Kubernetes version v1.22 fails to provision on RHEL8.4 SELinux on. #36509

Open
vivek-shilimkar opened this issue Feb 14, 2022 · 7 comments
Labels:

  • area/support-matrix
  • kind/bug-qa: Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement
  • release-note: Note this issue in the milestone's release notes
  • team/hostbusters: The team that is responsible for provisioning/managing downstream clusters + K8s version support


@vivek-shilimkar
Member

Rancher Server Setup

  • Rancher version: v2.6-head
  • Installation option (Docker install/Helm Chart): Docker

Information about the Cluster

  • Kubernetes version: v1.22
  • Cluster Type (Local/Downstream): Downstream
    • If downstream, what type of cluster?: Custom/Node Driver

Describe the bug

On RHEL8.4 SELinux On AWS AMI, the k8s version 1.22 fails to provision on AWS.

To Reproduce

  1. Create a rancher server v2.6-head.
  2. Try to provision a downstream k8s cluster with version v1.22 on RHEL8.4 SELinux On AWS AMI.

Result
Cluster provisioning fails with the following error:
[selinux] Host [172.31.18.232] does not recognize SELinux label [label=type:rke_container_t]. This is required for Kubernetes version [>=1.22.0-rancher0]. Please install rancher-selinux RPM package and try again

Expected Result

k8s cluster v1.22 provisions successfully.

@sowmyav27 added the kind/bug-qa and team/hostbusters labels Feb 14, 2022
@sowmyav27 added this to the v2.6.4 milestone Feb 14, 2022
@snasovich
Collaborator

@vivek-infracloud, is this RKE1 or RKE2 provisioning?

@vivek-shilimkar
Member Author

@snasovich This is RKE1 provisioning.

@snasovich
Collaborator

snasovich commented Feb 16, 2022

We're hitting the check implemented per https://github.com/rancher/rke/pull/2750/files#diff-1919f8e9dcce0dfe306c07bbda35bd2bab44635be0e5bbc473faabe062b0597cR71. The question is whether provisioning should automatically install the rancher-selinux RPM package or the expectation is that it should be present on the node already (i.e. be "baked" into the AMI).

@snasovich to follow up with product management on this.

@snasovich added the release-note label Feb 18, 2022
@snasovich self-assigned this Feb 18, 2022
@snasovich
Collaborator

After discussing with product management, the expectation is that Rancher is not going to install RPMs on the nodes, so the suggested approach is to either use an AMI with this package already installed or have it installed via cloud-init.
This will need to be documented for the 2.6.4 release, hence the release-note label.

@snasovich
Collaborator

This will need to be added to the support matrix, adding the area/support-matrix label.

@sowmyav27 modified the milestones: v2.6.4, v2.6.5 Mar 14, 2022
@slickwarren
Contributor

Talked with Sergey about this: we will also need to release note that the user will run into this issue when upgrading to 1.22 as well. For 2.6.4, we should release note that we are expecting users to manually upgrade/install the rancher-selinux package on all the nodes in that cluster, then upgrade k8s if upgrading to 1.22. @jtravee

@jtravee

jtravee commented Mar 18, 2022

> we are expecting users to manually upgrade/install the rancher-selinux package on all the nodes in that cluster, then upgrade k8s if upgrading to 1.22.

Added to existing issue in 2.6.4 RN, thanks!
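
As an added example (not part of the thread and not RKE's own check), a pre-flight script for the requirement discussed above: it reports whether a node has the rancher-selinux package and recognizes the rke_container_t type before provisioning or upgrading to v1.22. The function name and status words are hypothetical; it assumes rpm, getenforce and, optionally, seinfo from setools-console are on the node, and that a node with SELinux disabled needs no policy.

```sh
#!/bin/sh
# Added example, not RKE's own check: pre-flight test for a node that will run
# Kubernetes >= 1.22 via RKE1 with SELinux on.

REQUIRED_RPM="rancher-selinux"   # package named in the error message
REQUIRED_TYPE="rke_container_t"  # SELinux type named in the error message

# Prints one status word; returns 0 when the node is ready, 1 when it is not.
selinux_preflight() {
    # Assumption: a node with SELinux disabled does not need the policy.
    if ! command -v getenforce >/dev/null 2>&1 ||
       [ "$(getenforce)" = "Disabled" ]; then
        echo "selinux-disabled"
        return 0
    fi

    # The RPM must be present before provisioning or upgrading to 1.22.
    if ! rpm -q "$REQUIRED_RPM" >/dev/null 2>&1; then
        echo "rpm-missing"
        return 1
    fi

    # If seinfo (setools-console) is available, confirm the loaded policy
    # defines the type; the error in this issue is about the type being
    # unrecognized, not about the RPM itself.
    if command -v seinfo >/dev/null 2>&1 &&
       ! seinfo -t "$REQUIRED_TYPE" 2>/dev/null | grep -qw "$REQUIRED_TYPE"; then
        echo "type-missing"
        return 1
    fi

    echo "ok"
    return 0
}

# Usage on a node (for example from cloud-init or a loop over all nodes):
#   selinux_preflight || echo "install $REQUIRED_RPM before provisioning" >&2
```
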
