dweomer
commented
4 years ago This works with v1.18.4-beta14+rke2:
[root@rke2-server ~]# kubectl get node,service,pod -A -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node/rke2-server Ready etcd,master 6m4s v1.18.4-beta14+rke2 192.168.121.224 <none> CentOS Linux 7 (Core) 3.10.0-1127.el7.x86_64 containerd://1.3.6-k3s2
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default service/kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 6m3s <none>
kube-system service/rke2-coredns-rke2-coredns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP 5m34s app.kubernetes.io/instance=rke2-coredns,app.kubernetes.io/name=rke2-coredns,k8s-app=kube-dns
kube-system service/rke2-ingress-nginx-default-backend ClusterIP 10.43.40.160 <none> 80/TCP 5m12s app.kubernetes.io/component=default-backend,app=rke2-ingress-nginx,release=rke2-ingress-nginx
kube-system service/rke2-metrics-server ClusterIP 10.43.23.181 <none> 443/TCP 5m3s app=rke2-metrics-server,release=rke2-metrics-server
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system pod/etcd-rke2-server 1/1 Running 0 4m43s 192.168.121.224 rke2-server <none> <none>
kube-system pod/helm-install-rke2-canal-cbbj6 0/1 Completed 0 5m49s 192.168.121.224 rke2-server <none> <none>
kube-system pod/helm-install-rke2-coredns-bmg9k 0/1 Completed 0 5m49s 192.168.121.224 rke2-server <none> <none>
kube-system pod/helm-install-rke2-ingress-nginx-qs9wq 0/1 Completed 0 5m49s 10.42.0.2 rke2-server <none> <none>
kube-system pod/helm-install-rke2-kube-proxy-xbjjv 0/1 Completed 0 5m49s 192.168.121.224 rke2-server <none> <none>
kube-system pod/helm-install-rke2-metrics-server-cls9f 0/1 Completed 0 5m49s 10.42.0.5 rke2-server <none> <none>
kube-system pod/kube-apiserver-rke2-server 1/1 Running 0 5m4s 192.168.121.224 rke2-server <none> <none>
kube-system pod/kube-controller-manager-rke2-server 1/1 Running 0 6m2s 192.168.121.224 rke2-server <none> <none>
kube-system pod/kube-proxy-cv85w 1/1 Running 0 5m35s 192.168.121.224 rke2-server <none> <none>
kube-system pod/kube-scheduler-rke2-server 1/1 Running 0 6m2s 192.168.121.224 rke2-server <none> <none>
kube-system pod/rke2-canal-t2tp6 2/2 Running 0 5m35s 192.168.121.224 rke2-server <none> <none>
kube-system pod/rke2-coredns-rke2-coredns-7979fc655-sv8pk 1/1 Running 0 5m34s 10.42.0.4 rke2-server <none> <none>
kube-system pod/rke2-ingress-nginx-controller-d78b898d5-cvlcs 1/1 Running 0 5m12s 192.168.121.224 rke2-server <none> <none>
kube-system pod/rke2-ingress-nginx-default-backend-5787b8798f-nt8w6 1/1 Running 0 5m12s 10.42.0.3 rke2-server <none> <none>
kube-system pod/rke2-metrics-server-8c48bb8f7-scxqf 1/1 Running 0 5m3s 10.42.0.6 rke2-server <none> <none>
[root@rke2-server ~]# getenforce
Enforcing
[root@rke2-server ~]#
This enables rke2 static pods (etcd, kube-scheduler, kube-apiserver, etc) to start up correctly with SELinux=Enforcing.
/var/lib/rancher/rke2/server/{cred,tls}:arrow_right:container_share_t/var/lib/rancher/rke2/server/db:arrow_right:container_file_tAddresses https://github.com/rancher/rke2/issues/156