Set default selinux option if not specified

Signed-off-by: Atanas Dinov <[email protected]>
suse-edge · Apr 11, 2024 · d813fb0 · d813fb0
1 parent 8bc93c0
commit d813fb0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/pkg/kubernetes/cluster.go b/pkg/kubernetes/cluster.go
@@ -65,12 +65,10 @@ func NewCluster(kubernetes *image.Kubernetes, configPath string) (*Cluster, erro
 	// Ensure the agent uses the same cluster configuration values as the server
 	agentConfig[tokenKey] = serverConfig[tokenKey]
 	agentConfig[serverKey] = serverConfig[serverKey]
+	agentConfig[selinuxKey] = serverConfig[selinuxKey]
 	if strings.Contains(kubernetes.Version, image.KubernetesDistroRKE2) {
 		agentConfig[cniKey] = serverConfig[cniKey]
 	}
-	if selinux, ok := serverConfig[selinuxKey]; ok {
-		agentConfig[selinuxKey] = selinux
-	}
 
 	// Create the initialiser server config
 	initialiserConfig := map[string]any{}
@@ -168,6 +166,7 @@ func setMultiNodeConfigDefaults(kubernetes *image.Kubernetes, config map[string]
 
 	setClusterToken(config)
 	appendClusterTLSSAN(config, kubernetes.Network.APIVIP)
+	setSELinux(config)
 	if kubernetes.Network.APIHost != "" {
 		appendClusterTLSSAN(config, kubernetes.Network.APIHost)
 	}
@@ -206,6 +205,14 @@ func setClusterAPIAddress(config map[string]any, apiAddress string, port int) {
 	config[serverKey] = fmt.Sprintf("https://%s:%d", apiAddress, port)
 }
 
+func setSELinux(config map[string]any) {
+	if _, ok := config[selinuxKey].(bool); ok {
+		return
+	}
+
+	config[selinuxKey] = false
+}
+
 func appendClusterTLSSAN(config map[string]any, address string) {
 	if address == "" {
 		zap.S().Warn("Attempted to append TLS SAN with an empty address")

diff --git a/pkg/kubernetes/cluster_test.go b/pkg/kubernetes/cluster_test.go
@@ -113,20 +113,21 @@ func TestNewCluster_MultiNodeRKE2_MissingConfig(t *testing.T) {
 	})
 	assert.Equal(t, "cilium", cluster.InitialiserConfig["cni"])
 	assert.Equal(t, []string{"192.168.122.50", "api.suse.edge.com"}, cluster.InitialiserConfig["tls-san"])
+	assert.Equal(t, false, cluster.InitialiserConfig["selinux"])
 	assert.Nil(t, cluster.InitialiserConfig["server"])
-	assert.Nil(t, cluster.InitialiserConfig["selinux"])
 
 	require.NotNil(t, cluster.ServerConfig)
 	assert.Equal(t, "cilium", cluster.ServerConfig["cni"])
 	assert.Equal(t, []string{"192.168.122.50", "api.suse.edge.com"}, cluster.ServerConfig["tls-san"])
 	assert.Equal(t, clusterToken, cluster.ServerConfig["token"])
 	assert.Equal(t, "https://192.168.122.50:9345", cluster.ServerConfig["server"])
-	assert.Nil(t, cluster.ServerConfig["selinux"])
+	assert.Equal(t, false, cluster.ServerConfig["selinux"])
 
 	require.NotNil(t, cluster.AgentConfig)
 	assert.Equal(t, "cilium", cluster.AgentConfig["cni"])
 	assert.Equal(t, clusterToken, cluster.AgentConfig["token"])
 	assert.Equal(t, "https://192.168.122.50:9345", cluster.AgentConfig["server"])
+	assert.Equal(t, false, cluster.AgentConfig["selinux"])
 	assert.Nil(t, cluster.AgentConfig["tls-san"])
 	assert.Nil(t, cluster.AgentConfig["debug"])
 }