typhoon/azure/fedora-coreos/kubernetes
James Harmison 9a4887d028 Add bind mounts for selinux to fcos kubelets
fixes #1123

Enables the use of CSI drivers with a StorageClass that lacks an explicit context mount option. In cases where the kubelet lacks mounts for `/etc/selinux` and `/sys/fs/selinux`, it is unable to set the `:Z` option for the CRI volume definition automatically. See [KEP 1710](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/1710-selinux-relabeling/README.md#volume-mounting) for more information on how SELinux is passed to the CRI by Kubelet.

Prior to this change, a not-explicitly-labelled mount would have an `unlabeled_t` SELinux type on the host. Following this change, the Kubelet and CRI work together to dynamically relabel mounts that lack an explicit context specification every time they are rebound to a pod with SELinux type `container_file_t` and appropriate context labels to match the specifics for the pod it is bound to. This enables applications running in containers to consume dynamically provisioned storage on SELinux enforcing systems without explicitly setting the context on the StorageClass or PersistentVolume.
2022-04-26 21:33:26 -07:00
| Name | Last commit | Date |
| --- | --- | --- |
| fcc | Add bind mounts for selinux to fcos kubelets | 2022-04-26 21:33:26 -07:00 |
| workers | Add bind mounts for selinux to fcos kubelets | 2022-04-26 21:33:26 -07:00 |
| LICENSE | Add support for Fedora CoreOS on Azure | 2020-04-12 16:35:49 -07:00 |
| README.md | Update Kubernetes from v1.23.5 to v1.23.6 | 2022-04-20 19:39:05 -07:00 |
| bootstrap.tf | Remove use of deprecated `key_algorithm` field in TLS assets | 2022-04-20 19:52:03 -07:00 |
| controllers.tf | Use strict mode for Container Linux Configs | 2020-06-09 23:00:36 -07:00 |
| lb.tf | Allow upgrading Azure Terraform Provider to v3.x | 2022-04-01 16:36:53 -07:00 |
| network.tf | Allow upgrading Azure Terraform Provider to v3.x | 2022-04-01 16:36:53 -07:00 |
| outputs.tf | Allow upgrading Azure Terraform Provider to v3.x | 2022-04-01 16:36:53 -07:00 |
| security.tf | Allow upgrading Azure Terraform Provider to v3.x | 2022-04-01 16:36:53 -07:00 |
| ssh.tf | Workaround Terraform v1.1 file provisioner regression | 2021-12-28 13:25:23 -08:00 |
| variables.tf | Change default CNI provider from Calico to Cilium | 2022-02-07 08:07:00 -08:00 |
| versions.tf | Allow upgrading Azure Terraform Provider to v3.x | 2022-04-01 16:36:53 -07:00 |
| workers.tf | Add support for Fedora CoreOS on Azure | 2020-04-12 16:35:49 -07:00 |

README.md

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

  • Minimal, stable base Kubernetes distribution
  • Declarative infrastructure and configuration
  • Free (freedom and cost) and privacy-respecting
  • Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

Docs

Please see the official docs and the Azure tutorial.