Skip to content

install/kubernetes: make securityContext SELinux options configurable #22721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 15, 2022
Merged

install/kubernetes: make securityContext SELinux options configurable #22721

merged 1 commit into from
Dec 15, 2022

Conversation

tklauser
Copy link
Member

Make the hardcoded SELinux options in the helm charts configurable.

Fixes #22703

@tklauser tklauser added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/helm Impacts helm charts and user deployment experience labels Dec 13, 2022
@tklauser tklauser requested review from a team as code owners December 13, 2022 14:51
@tklauser tklauser requested review from squeed and gandro December 13, 2022 14:51
@tklauser tklauser force-pushed the pr/tklauser/helm-selinux-options branch from 544ddfb to 4f7aa23 Compare December 13, 2022 14:57
@tklauser tklauser changed the title install/kubernetes/cilium: make securitlyContext SELinux options configurable install/kubernetes: make securityContext SELinux options configurable Dec 13, 2022
gandro
gandro approved these changes Dec 13, 2022
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Neat, thanks!

@tklauser
Copy link
Member Author

tklauser commented Dec 13, 2022
edited by maintainer-s-little-helper bot
Loading

/test

Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed:

Click to show.

Test Name

K8sDatapathConfig Host firewall With VXLAN

Failure Output

FAIL: Failed to reach 10.0.0.133:80 from testclient-host-6x828

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.25-kernel-4.19 so I can create one.

@tklauser tklauser force-pushed the pr/tklauser/helm-selinux-options branch from 4f7aa23 to de776e9 Compare December 14, 2022 10:27
@tklauser
install/kubernetes: make securityContext SELinux options configurable
7faccd1 
Make the hardcoded SELinux options in the helm charts configurable.

Fixes #22703

Signed-off-by: Tobias Klauser <tobias@cilium.io>
@tklauser tklauser force-pushed the pr/tklauser/helm-selinux-options branch from de776e9 to 7faccd1 Compare December 14, 2022 10:47
@tklauser tklauser requested a review from a team as a code owner December 14, 2022 10:47
@tklauser tklauser requested a review from joestringer December 14, 2022 10:47
@tklauser
Copy link
Member Author

tklauser commented Dec 14, 2022
edited by maintainer-s-little-helper bot
Loading

/test

Job 'Cilium-PR-K8s-1.16-kernel-4.9' failed:

Click to show.

Test Name

K8sAgentPolicyTest Multi-node policy test with L7 policy using connectivity-check to check datapath

Failure Output

FAIL: connectivity-check pods are not ready after timeout

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.16-kernel-4.9 so I can create one.

This was referenced Dec 15, 2022
Closed
Closed
@tklauser
Copy link
Member Author

Both failures look unrelated to this change. All other tests passed and all code owners approved, marking as ready to merge.

@tklauser tklauser added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 15, 2022
@pchaigno pchaigno merged commit 76837ea into master Dec 15, 2022
@pchaigno pchaigno deleted the pr/tklauser/helm-selinux-options branch December 15, 2022 11:37
@joestringer joestringer mentioned this pull request Dec 21, 2022
Merged
@joestringer joestringer added the backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. label Dec 22, 2022
@joestringer joestringer mentioned this pull request Dec 22, 2022
Merged
@gentoo-root gentoo-root mentioned this pull request Jan 6, 2023
Merged
@aditighag aditighag mentioned this pull request Jan 10, 2023
Merged
@tklauser tklauser mentioned this pull request Jan 11, 2023
Merged
@tklauser tklauser added backport-pending/1.12 backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed needs-backport/1.12 labels Jan 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@squeed squeed squeed approved these changes

@joestringer joestringer joestringer approved these changes

Assignees
No one assigned
Labels
area/helm Impacts helm charts and user deployment experience backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Make helm SELinux options configurable
5 participants
@tklauser @gandro @squeed @joestringer @pchaigno