From d813fb0eac95293727fb68388b902724e72fdfce Mon Sep 17 00:00:00 2001
From: Atanas Dinov
Date: Thu, 11 Apr 2024 21:51:17 +0300
Subject: [PATCH] Set default selinux option if not specified
Signed-off-by: Atanas Dinov
---
 pkg/kubernetes/cluster.go | 13 ++++++++++---
 pkg/kubernetes/cluster_test.go | 5 +++--
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/pkg/kubernetes/cluster.go b/pkg/kubernetes/cluster.go
index 4c67d1ec..7c9cd909 100644
--- a/pkg/kubernetes/cluster.go
+++ b/pkg/kubernetes/cluster.go
@@ -65,12 +65,10 @@ func NewCluster(kubernetes *image.Kubernetes, configPath string) (*Cluster, erro
 // Ensure the agent uses the same cluster configuration values as the server
 agentConfig[tokenKey] = serverConfig[tokenKey]
 agentConfig[serverKey] = serverConfig[serverKey]
+ agentConfig[selinuxKey] = serverConfig[selinuxKey]
 if strings.Contains(kubernetes.Version, image.KubernetesDistroRKE2) {
 agentConfig[cniKey] = serverConfig[cniKey]
 }
- if selinux, ok := serverConfig[selinuxKey]; ok {
- agentConfig[selinuxKey] = selinux
- }
 // Create the initialiser server config
 initialiserConfig := map[string]any{}
@@ -168,6 +166,7 @@ func setMultiNodeConfigDefaults(kubernetes *image.Kubernetes, config map[string]
 setClusterToken(config)
 appendClusterTLSSAN(config, kubernetes.Network.APIVIP)
+ setSELinux(config)
 if kubernetes.Network.APIHost != "" {
 appendClusterTLSSAN(config, kubernetes.Network.APIHost)
 }
@@ -206,6 +205,14 @@ func setClusterAPIAddress(config map[string]any, apiAddress string, port int) {
 config[serverKey] = fmt.Sprintf("https://%s:%d", apiAddress, port)
 }
+func setSELinux(config map[string]any) {
+ if _, ok := config[selinuxKey].(bool); ok {
+ return
+ }
+
+ config[selinuxKey] = false
+}
+
 func appendClusterTLSSAN(config map[string]any, address string) {
 if address == "" {
 zap.S().Warn("Attempted to append TLS SAN with an empty address")
diff --git a/pkg/kubernetes/cluster_test.go b/pkg/kubernetes/cluster_test.go
index fd8cd747..fba10a6e 100644
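Review bot: The now-unconditional `agentConfig[selinuxKey] = serverConfig[selinuxKey]` in NewCluster replaces whatever the agent config carried, and because the server value is defaulted to `false` when unset, an agent file that sets `selinux: true` on its own would end up with SELinux off and no message. The removed block copied the value only when the server config actually defined it. If overriding is the intent, making it visible helps operators notice the downgrade, for example `if _, ok := agentConfig[selinuxKey]; ok { zap.S().Warnf("Agent %q value is replaced by the server's", selinuxKey) }` ahead of the assignment. The assignment also stores a nil entry if serverConfig ever reaches this line without the default applied; where both maps are populated lies outside the hunk, as does the rest of NewCluster.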
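Review bot: setSELinux treats a present-but-non-boolean value the same as a missing key: the failed `.(bool)` assertion falls through to `config[selinuxKey] = false`, so a setting such as a quoted `"true"` would presumably be turned into "disabled" without any trace. Separating the absent case from the wrong-type case and warning on the latter keeps the default while surfacing the misconfiguration; returning an error would be stricter but changes the helper's signature. The function also has no doc comment, unlike what a reader needs to know about the chosen default. How the config map is decoded is not visible in this hunk, so the set of types that can reach this helper should be confirmed.

```go
// setSELinux defaults the selinux option to false when it is absent.
// A value of any other type is also replaced, but with a warning, so a
// mistyped setting is not silently turned into "disabled".
func setSELinux(config map[string]any) {
	switch value := config[selinuxKey].(type) {
	case bool:
		return
	case nil:
		// Key absent (or explicitly null): apply the default quietly.
	default:
		zap.S().Warnf("Ignoring non-boolean %q value %v (%T), defaulting to false", selinuxKey, value, value)
	}

	config[selinuxKey] = false
}
```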
--- a/pkg/kubernetes/cluster_test.go
+++ b/pkg/kubernetes/cluster_test.go
@@ -113,20 +113,21 @@ func TestNewCluster_MultiNodeRKE2_MissingConfig(t *testing.T) {
 })
 assert.Equal(t, "cilium", cluster.InitialiserConfig["cni"])
 assert.Equal(t, []string{"192.168.122.50", "api.suse.edge.com"}, cluster.InitialiserConfig["tls-san"])
+ assert.Equal(t, false, cluster.InitialiserConfig["selinux"])
 assert.Nil(t, cluster.InitialiserConfig["server"])
- assert.Nil(t, cluster.InitialiserConfig["selinux"])
 require.NotNil(t, cluster.ServerConfig)
 assert.Equal(t, "cilium", cluster.ServerConfig["cni"])
 assert.Equal(t, []string{"192.168.122.50", "api.suse.edge.com"}, cluster.ServerConfig["tls-san"])
 assert.Equal(t, clusterToken, cluster.ServerConfig["token"])
 assert.Equal(t, "https://192.168.122.50:9345", cluster.ServerConfig["server"])
- assert.Nil(t, cluster.ServerConfig["selinux"])
+ assert.Equal(t, false, cluster.ServerConfig["selinux"])
 require.NotNil(t, cluster.AgentConfig)
 assert.Equal(t, "cilium", cluster.AgentConfig["cni"])
 assert.Equal(t, clusterToken, cluster.AgentConfig["token"])
 assert.Equal(t, "https://192.168.122.50:9345", cluster.AgentConfig["server"])
+ assert.Equal(t, false, cluster.AgentConfig["selinux"])
 assert.Nil(t, cluster.AgentConfig["tls-san"])
 assert.Nil(t, cluster.AgentConfig["debug"])
 }
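Review bot: The new assertions in TestNewCluster_MultiNodeRKE2_MissingConfig pin only the defaulted `false` for a config that omits the key, so nothing in this hunk guards the two paths where the change can weaken a node's setting. A companion case whose server config sets `selinux: true` and asserts `assert.Equal(t, true, cluster.AgentConfig["selinux"])` would cover the unconditional copy, and a case with a non-boolean value would document what setSELinux does with it. Such cases may already exist elsewhere in cluster_test.go, which is not visible here.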