kube-hetzner / terraform-hcloud-kube-hetzner

Optimized and Maintenance-free Kubernetes on Hetzner Cloud in one command!
MIT License

[Bug]: Disabling SELINUX option is not working #1370

Open un1xman opened 2 months ago

un1xman commented 2 months ago

Description

I have added disable_selinux = true to the module, but it has no effect on the node(s). SELinux is initialized in enforcing mode on the nodepools.

Kube.tf file

module "kube-hetzner" {
  providers = {
    hcloud = hcloud
  }

  hcloud_token = var.hcloud_token

  source = "kube-hetzner/kube-hetzner/hcloud"

  ssh_public_key  = file("keys/id_ed25519_terraform_hetzner_cloudb.pub")
  ssh_private_key = file("keys/id_ed25519_terraform_hetzner_cloudb")
  ssh_port = 22

  network_region = var.region #"eu-central"

  control_plane_nodepools = [
    {
      name        = "control-plane",
      server_type = "cax11",
      location    = "fsn1",
      labels      = [],
      taints      = [],
      count       = 2
      disable_selinux = true
      backups = false
      placement_group = "control-plane-servers"
    }
  ]

  agent_nodepools = [
    {
      name        = "server-nodepool01",
      server_type = "cpx31",
      location    = "fsn1",
      labels      = [],
      taints = [],
      disable_selinux = true
      count  = 3,
    },
    {
      name        = "server-nodepool02",
      server_type = "cpx31",
      location    = "fsn1",
      disable_selinux = true
    }
  ]

  load_balancer_type     = "lb11"
  load_balancer_location = "fsn1"

  enable_metrics_server = true

  create_kubeconfig = true
  export_values     = true

  dns_servers = [
    "1.1.1.1",
    "8.8.8.8",
    "2606:4700:4700::1111",
  ]

  autoscaler_nodepools = [
      {
        name        = "autoscaled-servers"
        server_type = "cpx31"
        location    = "fsn1"
        min_nodes   = 0
        max_nodes   = 5

        labels      = {}
        taints      = []
      }
    ]

  extra_firewall_rules = []

  restrict_outbound_traffic = false

  enable_local_storage = true

  disable_selinux = true
}
output "kubeconfig" {
  value     = module.kube-hetzner.kubeconfig
  sensitive = true
}

output "cluster_id" {
  value = "mp-hke-${var.region}"
}

Screenshots

No response

Platform

Linux

mysticaltech commented 2 months ago

@un1xman Thanks for the info. I will look into it. FYI, if you have selinux problems, please see https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/issues/697 to know how to submit the needed changes.

janpieper commented 2 months ago

@un1xman You're currently using disable_selinux everywhere, but only the global option is called disable_selinux. For the node pools it is only called selinux.

@mysticaltech For control planes the SELinux option is hardcoded to true

https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/blob/426f50d63c9c3f5ccaaa84f11ada71dedc8565c5/control_planes.tf#L105

mysticaltech commented 2 months ago

Thanks @janpieper, appreciate the details.
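
Added example (not part of the thread and not the project's own code): a small Python check for the naming mix-up janpieper describes, reporting every disable_selinux that sits inside a node pool entry rather than at module level. The sample kube.tf is constructed, the function name is hypothetical, and the line-based bracket counting assumes brackets and # do not occur inside strings.

```python
import re

# Names from the thread: the module-level option is `disable_selinux`;
# inside node pool entries the option is called `selinux`.
GLOBAL_KEY = "disable_selinux"
POOL_LISTS = ("control_plane_nodepools", "agent_nodepools", "autoscaler_nodepools")

# Constructed sample modelled on the kube.tf in the issue.
SAMPLE = '''\
module "kube-hetzner" {
  control_plane_nodepools = [
    {
      name            = "control-plane",
      disable_selinux = true
      count           = 2
    }
  ]
  agent_nodepools = [
    {
      disable_selinux = true
      name        = "server-nodepool01",
    },
    {
      name    = "server-nodepool02",
      selinux = false  # pool-level key name per the thread; value is an assumption
    }
  ]
  disable_selinux = true
}
'''

def find_misplaced_selinux_keys(tf_text):
    """Return (line_no, pool_list, pool_name) for each pool-level `disable_selinux`."""
    findings, pending = [], []
    current_list, depth, pool_name = None, 0, None
    for no, raw in enumerate(tf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]           # drop trailing comments (simplification)
        if current_list is None:
            m = re.match(r"\s*(\w+)\s*=\s*\[", line)
            if not (m and m.group(1) in POOL_LISTS):
                continue
            current_list, depth = m.group(1), 0
        elif depth == 2:                       # directly inside one pool object
            if re.match(rf"\s*{GLOBAL_KEY}\s*=", line):
                pending.append(no)
            n = re.match(r'\s*name\s*=\s*"([^"]*)"', line)
            if n:
                pool_name = n.group(1)
        before = depth
        depth += sum(line.count(c) for c in "[{") - sum(line.count(c) for c in "]}")
        if before >= 2 and depth <= 1:         # pool object closed: report its hits
            findings += [(ln, current_list, pool_name) for ln in pending]
            pending, pool_name = [], None
        if depth <= 0:
            current_list = None
    return findings

if __name__ == "__main__":
    for line_no, pool_list, name in find_misplaced_selinux_keys(SAMPLE):
        print(f"line {line_no}: {GLOBAL_KEY} inside {pool_list} entry {name!r}")
```
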