[QA] Testing tasks - CentOS7/RHEL7 and Rancher on SELinux-enabled K3s

k3s-io / k3s

Lightweight Kubernetes

https://k3s.io

Apache License 2.0

27.45k stars 2.3k forks source link

[QA] Testing tasks - CentOS7/RHEL7 and Rancher on SELinux-enabled K3s #1714

Closed davidnuzik closed 3 years ago

davidnuzik commented 4 years ago

Retest installation on CentOS 7 and RHEL 7. § Is documentation sufficient to get it up and running properly? [if not create docs issue(s)] § Can workloads successfully launch?
Test if Rancher 2.4 runs successfully on K3s that has been installed on an SELinux enabled system. § Compare to rke + docker + selinux § Need to understand the repercussions of having it turned on
Additionally, clear docs are needed for disabling SELinux [create docs issue if needed]

ShylajaDevadiga commented 4 years ago

Node OS CentOS 7 k3s v1.18.4+k3s1 Rancher version 2.4.5 With selinux set to Enforcing mode:

Installation on singlecontrol and multicontrol with mysql backend was successful.
Import k3s cluster into Rancher was successful.
K3s as local management cluster in Rancher was successful
Upgrade using SUC from v1.18.3+k3s1 to v1.18.4+k3s1 was successful

davidnuzik commented 4 years ago

This is sort-of a duplicate of https://github.com/rancher/k3s/issues/1371 but we have called out some things around documentation and testing Rancher 2.4 running on K3s. This might not be relevant anymore and we'll need to think on this some.

davidnuzik commented 3 years ago

@ShylajaDevadiga could you briefly test this again with latest k3s v1.19.1 as a medium priority. This does not need to be tested for v1.19.1 k3s release - you can test after it releases. We basically want to double-check that all is well running Rancher 2.5 on SELinux enforcing k3s cluster running on CENT7 or RHEL7. We need to ensure this is fine before R 2.5 release and if there are any special requirements / steps that these get documented in a separate docs issue for Catherine.

ShylajaDevadiga commented 3 years ago

Linking Docs issue here #2058 to mention the need to explicitly enable selinux.

Validated using k3s v1.19.1-rc1+k3s1

cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.8 (Maipo)

import k3s to rancher is successful.

cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml |grep selinux enable_selinux = true

K3s as local management cluster in Rancher was successful

k3s -v
k3s version v1.19.1-rc1+k3s1 (041f18f6)
sudo kubectl get nodes
NAME                                          STATUS   ROLES    AGE     VERSION
ip-172-31-29-130.us-east-2.compute.internal   Ready    master   3h46m   v1.19.1-rc1+k3s1
ip-172-31-22-33.us-east-2.compute.internal    Ready    master   3h42m   v1.19.1-rc1+k3s1
sudo cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml |grep selinux
  enable_selinux = true

ShylajaDevadiga commented 3 years ago

Retesting SUC, found selinux is disabled after upgrade. In v1.19.1-rc1+k3s1 selinux needs to be explicitly enabled. Related issue #2248

ShylajaDevadiga commented 3 years ago

Closing as validated. SUC issue is tracked separately.