rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-17 23:49:06 +00:00
Code Issues Releases Wiki Activity

Dont relabel volumes on upstream Docker & SELinux

Browse Source
This commit is contained in:
Sebastiaan van Steenis
2020-05-19 21:50:24 +02:00
parent 53fcc37e95
commit 0c063587ec
3 changed files with 58 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cluster/plan.go
View File

@@ -525,7 +525,6 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, prefixPath string, servi
"/var/lib/calico:/var/lib/calico:z",
"/etc/resolv.conf:/etc/resolv.conf",
"/sys:/sys:rprivate",
host.DockerInfo.DockerRootDir + ":" + host.DockerInfo.DockerRootDir + ":rw,rslave,z",
fmt.Sprintf("%s:%s:shared,z", path.Join(prefixPath, "/var/lib/kubelet"), path.Join(prefixPath, "/var/lib/kubelet")),
"/var/lib/rancher:/var/lib/rancher:shared,z",
"/var/run:/var/run:rw,rprivate",
@@ -537,6 +536,12 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, prefixPath string, servi
"/usr:/host/usr:ro",
"/etc:/host/etc:ro",
}
BindDockerRootDir := fmt.Sprintf("%s:%s:rw,rslave,z", host.DockerInfo.DockerRootDir, host.DockerInfo.DockerRootDir)
if hosts.IsEnterpriseLinuxHost(host) && hosts.IsDockerSELinuxEnabled(host) && !hosts.IsEnterpriseLinuxDocker(host) {
// Avoid relabing on Enterprise Linux with Docker SELinux and upstream Docker
BindDockerRootDir = strings.TrimSuffix(BindDockerRootDir, ",z")
}
Binds = append(Binds, BindDockerRootDir)
// Special case to simplify using flex volumes
if path.Join(prefixPath, "/var/lib/kubelet") != "/var/lib/kubelet" {
Binds = append(Binds, "/var/lib/kubelet/volumeplugins:/var/lib/kubelet/volumeplugins:shared,z")
@@ -659,8 +664,15 @@ func (c *Cluster) BuildKubeProxyProcess(host *hosts.Host, prefixPath string, ser
Binds := []string{
fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(prefixPath, "/etc/kubernetes")),
"/run:/run",
"/lib/modules:/lib/modules:z,ro",
}
BindModules := "/lib/modules:/lib/modules:z,ro"
if hosts.IsEnterpriseLinuxHost(host) && hosts.IsDockerSELinuxEnabled(host) && !hosts.IsEnterpriseLinuxDocker(host) {
// Avoid relabing on Enterprise Linux with Docker SELinux and upstream Docker
BindModules = "/lib/modules:/lib/modules:ro"
}
Binds = append(Binds, BindModules)
if host.DockerInfo.OSType == "windows" { // compatible with Windows
Binds = []string{
// put the execution binaries to the host