From b58f63553843c97c9a50aba3d0ebc6e28a2c6173 Mon Sep 17 00:00:00 2001 From: dbw7 Date: Thu, 19 Sep 2024 08:18:34 -0600 Subject: [PATCH] K3s selinux rpm changes (#566) * k8s selinux rpm changes * Update pkg/image/context.go Co-authored-by: Atanas Dinov * Update pkg/image/context.go Co-authored-by: Atanas Dinov * Update RELEASE_NOTES.md Co-authored-by: Atanas Dinov * Update selinux.go --------- Co-authored-by: Atanas Dinov --- RELEASE_NOTES.md | 4 ++++ config/artifacts.yaml | 7 +++++++ pkg/eib/eib.go | 4 ++-- pkg/image/context.go | 10 ++++++++++ pkg/kubernetes/selinux.go | 21 ++++++--------------- 5 files changed, 29 insertions(+), 17 deletions(-) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 641d7ea2..968c96f1 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -4,6 +4,8 @@ ## General +* Extracted the K3S and RKE2 SELinux package and repository definitions into artifacts.yaml + ## API ### Image Definition Changes @@ -12,6 +14,8 @@ ## Bug Fixes +* [#565](https://github.com/suse-edge/edge-image-builder/issues/565) - K3S SELinux uses an outdated package + --- # v1.1.0-rc2 diff --git a/config/artifacts.yaml b/config/artifacts.yaml index d6bf4718..48a04c55 100644 --- a/config/artifacts.yaml +++ b/config/artifacts.yaml @@ -9,3 +9,10 @@ endpoint-copier-operator: elemental: register-repository: https://download.opensuse.org/repositories/isv:/Rancher:/Elemental:/Staging/standard system-agent-repository: https://download.opensuse.org/repositories/isv:/Rancher:/Elemental:/Staging/standard +kubernetes: + k3s: + selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch + selinuxRepository: https://rpm.rancher.io/k3s/stable/common/slemicro/noarch + rke2: + selinuxPackage: rke2-selinux + selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch \ No newline at end of file diff --git a/pkg/eib/eib.go b/pkg/eib/eib.go index d6f1d8a4..f574f605 100644 --- a/pkg/eib/eib.go +++ b/pkg/eib/eib.go 
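Review bot: In config/artifacts.yaml the two new entries follow different pinning policies: `k3s.selinuxPackage` names an exact build (`k3s-selinux-1.6-1.slemicro.noarch`) while `rke2.selinuxPackage` is the bare name `rke2-selinux`, so the RKE2 policy package that ends up in an image is whatever the stable repository serves at build time. If that is intentional, say so in the file, e.g. `# rke2-selinux is left unpinned on purpose; resolves to the newest build in the stable repo`; otherwise pin it the same way (`rke2-selinux-<VERSION>-<RELEASE>.slemicro.noarch`, placeholder values). A short comment next to the K3s pin noting that it has to be bumped by hand would also help, since the release note in this patch presumably ties the change to an outdated package. The hunk also leaves the file without a trailing newline.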
@@ -62,12 +62,12 @@ func appendKubernetesSELinuxRPMs(ctx *image.Context) error { log.AuditInfo("SELinux is enabled in the Kubernetes configuration. " + "The necessary RPM packages will be downloaded.") - selinuxPackage, err := kubernetes.SELinuxPackage(ctx.ImageDefinition.Kubernetes.Version) + selinuxPackage, err := kubernetes.SELinuxPackage(ctx.ImageDefinition.Kubernetes.Version, ctx.ArtifactSources) if err != nil { return fmt.Errorf("identifying selinux package: %w", err) } - repository, err := kubernetes.SELinuxRepository(ctx.ImageDefinition.Kubernetes.Version) + repository, err := kubernetes.SELinuxRepository(ctx.ImageDefinition.Kubernetes.Version, ctx.ArtifactSources) if err != nil { return fmt.Errorf("identifying selinux repository: %w", err) } diff --git a/pkg/image/context.go b/pkg/image/context.go index 40190a27..6d8e0c0b 100644 --- a/pkg/image/context.go +++ b/pkg/image/context.go @@ -39,4 +39,14 @@ type ArtifactSources struct { RegisterRepository string `yaml:"register-repository"` SystemAgentRepository string `yaml:"system-agent-repository"` } `yaml:"elemental"` + Kubernetes struct { + K3s struct { + SELinuxPackage string `yaml:"selinuxPackage"` + SELinuxRepository string `yaml:"selinuxRepository"` + } `yaml:"k3s"` + Rke2 struct { + SELinuxPackage string `yaml:"selinuxPackage"` + SELinuxRepository string `yaml:"selinuxRepository"` + } `yaml:"rke2"` + } `yaml:"kubernetes"` } diff --git a/pkg/kubernetes/selinux.go b/pkg/kubernetes/selinux.go index 135bcf3a..7f9d9cc8 100644 --- a/pkg/kubernetes/selinux.go +++ b/pkg/kubernetes/selinux.go 
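Review bot: In the pkg/image/context.go hunk, the new `Kubernetes` block departs from the conventions of the struct it extends: its YAML keys are camelCase (`selinuxPackage`, `selinuxRepository`) where the neighbouring `elemental` keys are kebab-case (`register-repository`), and the field name `Rke2` does not follow the initialism style of `image.KubernetesDistroRKE2` used elsewhere in this patch. Mixed key styles make a mistyped key in artifacts.yaml more likely, and unless the loader rejects unknown fields (not visible here) such a typo would silently leave the field as an empty string. The two inner structs are identical, so one small named type shared by `K3s` and `Rke2`, with a doc comment such as `// SELinuxSource names the SELinux policy RPM and the repository it is fetched from.`, would remove the duplication. The ArtifactSources declaration begins above the hunk.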
@@ -10,35 +10,26 @@ import ( "github.com/suse-edge/edge-image-builder/pkg/image" ) -func SELinuxPackage(version string) (string, error) { - const ( - k3sPackage = "k3s-selinux" - rke2Package = "rke2-selinux" - ) +func SELinuxPackage(version string, sources *image.ArtifactSources) (string, error) { switch { case strings.Contains(version, image.KubernetesDistroK3S): - return k3sPackage, nil + return sources.Kubernetes.K3s.SELinuxPackage, nil case strings.Contains(version, image.KubernetesDistroRKE2): - return rke2Package, nil + return sources.Kubernetes.Rke2.SELinuxPackage, nil default: return "", fmt.Errorf("invalid kubernetes version: %s", version) } } -func SELinuxRepository(version string) (image.AddRepo, error) { - const ( - k3sRepository = "https://rpm.rancher.io/k3s/stable/common/slemicro/noarch" - rke2Repository = "https://rpm.rancher.io/rke2/stable/common/slemicro/noarch" - ) - +func SELinuxRepository(version string, sources *image.ArtifactSources) (image.AddRepo, error) { var url string switch { case strings.Contains(version, image.KubernetesDistroK3S): - url = k3sRepository + url = sources.Kubernetes.K3s.SELinuxRepository case strings.Contains(version, image.KubernetesDistroRKE2): - url = rke2Repository + url = sources.Kubernetes.Rke2.SELinuxRepository default: return image.AddRepo{}, fmt.Errorf("invalid kubernetes version: %s", version) }
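Review bot: Both SELinuxPackage and SELinuxRepository now dereference `sources` without checking it for nil, and both hand back whatever string the artifact file held, so a caller without artifact sources panics and a missing or mistyped key yields an empty package name or repository URL together with a nil error. The old constants could never be empty; now that the values are data, each function should reject a nil `sources` and an empty result before returning, as sketched below. The end of SELinuxRepository lies outside the hunk, so how `url` is turned into the `image.AddRepo` (including whether signature checking is requested for the repository) is not visible here and is worth confirming.

```go
func SELinuxPackage(version string, sources *image.ArtifactSources) (string, error) {
	if sources == nil {
		return "", fmt.Errorf("artifact sources not provided")
	}

	var pkg string
	switch {
	case strings.Contains(version, image.KubernetesDistroK3S):
		pkg = sources.Kubernetes.K3s.SELinuxPackage
	case strings.Contains(version, image.KubernetesDistroRKE2):
		pkg = sources.Kubernetes.Rke2.SELinuxPackage
	// … unchanged: default branch rejecting an unknown version …
	}

	if pkg == "" {
		return "", fmt.Errorf("selinux package not configured for kubernetes version: %s", version)
	}

	return pkg, nil
}

func SELinuxRepository(version string, sources *image.ArtifactSources) (image.AddRepo, error) {
	if sources == nil {
		return image.AddRepo{}, fmt.Errorf("artifact sources not provided")
	}

	// … unchanged: url selection switch …

	if url == "" {
		return image.AddRepo{}, fmt.Errorf("selinux repository not configured for kubernetes version: %s", version)
	}
	// … unchanged: remainder of SELinuxRepository, outside the hunk …
```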