typhoon/bare-metal/fedora-coreos/kubernetes
James Harmison 9a4887d028 Add bind mounts for selinux to fcos kubelets
fixes #1123

Enables the use of CSI drivers with a StorageClass that lacks an explicit context mount option. In cases where the kubelet lacks mounts for `/etc/selinux` and `/sys/fs/selinux`, it is unable to set the `:Z` option for the CRI volume definition automatically. See [KEP 1710](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/1710-selinux-relabeling/README.md#volume-mounting) for more information on how SELinux is passed to the CRI by Kubelet.

Prior to this change, a not-explicitly-labelled mount would have an `unlabeled_t` SELinux type on the host. Following this change, the Kubelet and CRI work together to dynamically relabel mounts that lack an explicit context specification every time they are rebound to a pod, with SELinux type `container_file_t` and appropriate context labels to match the specifics for the pod they are bound to. This enables applications running in containers to consume dynamically provisioned storage on SELinux enforcing systems without explicitly setting the context on the StorageClass or PersistentVolume.
2022-04-26 21:33:26 -07:00
fcc Add bind mounts for selinux to fcos kubelets 2022-04-26 21:33:26 -07:00
LICENSE Add docs for Fedora CoreOS AWS and bare-metal 2019-07-18 00:55:22 -07:00
README.md Update Kubernetes from v1.23.5 to v1.23.6 2022-04-20 19:39:05 -07:00
bootstrap.tf Remove use of deprecated `key_algorithm` field in TLS assets 2022-04-20 19:52:03 -07:00
groups.tf Introduce list of detail objects for bare-metal machines 2019-10-06 20:22:45 -07:00
outputs.tf Set kubeconfig and asset_dist as sensitive 2020-11-23 11:41:55 -08:00
profiles.tf Fix Azure `backend_address_pool_id` deprecation warning 2021-12-14 10:26:08 -08:00
ssh.tf Workaround Terraform v1.1 file provisioner regression 2021-12-28 13:25:23 -08:00
variables.tf Change default CNI provider from Calico to Cilium 2022-02-07 08:07:00 -08:00
versions.tf Update minimum Terraform provider versions 2021-12-07 16:26:34 -08:00

README.md

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

  • Minimal, stable base Kubernetes distribution
  • Declarative infrastructure and configuration
  • Free (freedom and cost) and privacy-respecting
  • Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

  • Kubernetes v1.23.6 (upstream)
  • Single or multi-master, Calico or Cilium or flannel networking
  • On-cluster etcd with TLS, RBAC-enabled, network policy, SELinux enforcing
  • Advanced features like snippets customization
  • Ready for Ingress, Prometheus, Grafana, and other optional addons

Docs

Please see the official docs and the bare-metal tutorial.