kubeadm/cilium: disable SELinux for Cilium

Once the daemon set is started with `unconfined_t` it does not work with enforced SELinux because it hits a denial from transitioning to `kernel_t` to `unconfined_t` (and this normal because currently everything runs with `kernel_t` including container runtimes) Can be dropped once it works fine with `spc_t` label with the SELinux upgrade. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
flatcar · Aug 31, 2022 · 853f628 · 853f628
1 parent e8e9751
commit 853f628
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/kola/tests/kubeadm/kubeadm.go b/kola/tests/kubeadm/kubeadm.go
@@ -186,7 +186,7 @@ func init() {
 					major = 3140
 				}
 
-				if CNI == "flannel" {
+				if CNI == "flannel" || CNI == "cilium" {
 					flags = append(flags, register.NoEnableSelinux)
 				}