Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm-charts: Add selinuxMount flag to enable/disable /etc/selinux host mount #2883

Merged
merged 1 commit into from
Feb 16, 2022
Merged

helm-charts: Add selinuxMount flag to enable/disable /etc/selinux host mount #2883

merged 1 commit into from
Feb 16, 2022

Conversation

Aste88
Copy link
Contributor

@Aste88 Aste88 commented Feb 15, 2022

Describe what this PR does

Add selinuxMount flag to enable/disable /etc/selinux host mount inside pods to support selinux-enabled filesystems

Is the change backward compatible?

Yes, selinuxMount default is true (the previous behaviour)

Are there concerns around backward compatibility?

None I'm aware of

Related issues

Fixes: #2876

@mergify mergify bot added the component/deployment Helm chart, kubernetes templates and configuration Issues/PRs label Feb 15, 2022
Madhu-1
Madhu-1 requested changes Feb 16, 2022
View reviewed changes
Copy link
Collaborator

@Madhu-1 Madhu-1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Aste88 Thanks for the PR. can you fix DCO and commit lint problem. please refer to https://github.com/ceph/ceph-csi/blob/devel/docs/development-guide.md#code-contribution-workflow for any help

charts/ceph-csi-cephfs/README.md Outdated Show resolved Hide resolved
@Aste88
helm: Add selinuxMount flag to enable/disable /etc/selinux host mount
301d3e4 
Add selinuxMount flag to enable/disable /etc/selinux host mount inside pods
to support selinux-enabled filesystems

Signed-off-by: Francesco Astegiano <francesco.astegiano@gmail.com>
@Madhu-1 Madhu-1 requested review from a team February 16, 2022 11:34
@mergify mergify bot merged commit 4235178 into ceph:devel Feb 16, 2022
@humblec
Copy link
Collaborator

humblec commented Feb 17, 2022

@Aste88 @Madhu-1 @Rakshith-R @nixpanic I doubt this was the right fix we need , That said, here we are defaulting to true and consuming it from the host. If the PODs are running in host which does not support, this could cause issues? or did I miss anything in helm deployment here?

@Madhu-1
Copy link
Collaborator

Madhu-1 commented Feb 17, 2022

@humblec this was done to support the backward compatibility and now the user is having an option to turn it on and off which was not present at all.

@humblec
Copy link
Collaborator

humblec commented Feb 17, 2022

@humblec this was done to support the backward compatibility and now the user is having an option to turn it on and off which was not present at all.

Getting a knob done is fine, but a couple of things , like

  1. Default to `true
  2. HostPath

All new deployments will try to pick the hostmount now being this value default to true and if we are on NON selinux system it could cause issues.

Instead of this, I was thinking we could have gone ahead with DirectoryOrCreate instead of HostPath.. I believe its the better solution . Please let me know what you folks think.. I can drop a PR accordingly.

@Madhu-1
Copy link
Collaborator

Madhu-1 commented Feb 17, 2022

@humblec this was done to support the backward compatibility and now the user is having an option to turn it on and off which was not present at all.

Getting a knob done is fine, but a couple of things , like

  1. Default to `true
  2. HostPath

All new deployments will try to pick the hostmount now being this value default to true and if we are on NON selinux system it could cause issues.

Yes correctly its the existing behaviour for both helm and deployments with kube templates.

Instead of this, I was thinking we could have gone ahead with DirectoryOrCreate instead of HostPath.. I believe its the better solution . Please let me know what you folks think. I can drop a PR accordingly.

Is it allowed to create a Directory on /etc folder on the nodes? If possible looks good.

@iPraveenParihar iPraveenParihar mentioned this pull request Mar 28, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rakshith-R Rakshith-R Rakshith-R approved these changes

@Madhu-1 Madhu-1 Madhu-1 approved these changes

Assignees
No one assigned
Labels
component/deployment Helm chart, kubernetes templates and configuration Issues/PRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

nodeplugin failed to mkdir "/etc/selinux"
4 participants
@Aste88 @humblec @Madhu-1 @Rakshith-R