History

James Harmison 9a4887d028 Add bind mounts for selinux to fcos kubelets fixes #1123 Enables the use of CSI drivers with a StorageClass that lacks an explicit context mount option. In cases where the kubelet lacks mounts for `/etc/selinux` and `/sys/fs/selinux`, it is unable to set the `:Z` option for the CRI volume definition automatically. See [KEP 1710](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/1710-selinux-relabeling/README.md#volume-mounting) for more information on how SELinux is passed to the CRI by Kubelet. Prior to this change, a not-explicitly-labelled mount would have an `unlabeled_t` SELinux type on the host. Following this change, the Kubelet and CRI work together to dynamically relabel mounts that lack an explicit context specification every time it is rebound to a pod with SELinux type `container_file_t` and appropriate context labels to match the specifics for the pod it is bound to. This enables applications running in containers to consume dynamically provisioned storage on SELinux enforcing systems without explicitly setting the context on the StorageClass or PersistentVolume.		2022-04-26 21:33:26 -07:00
..
fcc	Add bind mounts for selinux to fcos kubelets	2022-04-26 21:33:26 -07:00
workers	Add bind mounts for selinux to fcos kubelets	2022-04-26 21:33:26 -07:00
LICENSE	Add module for Fedora CoreOS on Google Cloud	2020-02-01 15:21:40 -08:00
README.md	Update Kubernetes from v1.23.5 to v1.23.6	2022-04-20 19:39:05 -07:00
apiserver.tf	Add module for Fedora CoreOS on Google Cloud	2020-02-01 15:21:40 -08:00
bootstrap.tf	Remove use of deprecated `key_algorithm` field in TLS assets	2022-04-20 19:52:03 -07:00
controllers.tf	Remove os_image variable on Google Cloud Fedora CoreOS	2020-06-29 22:57:11 -07:00
image.tf	Use Fedora CoreOS image streams on Google Cloud	2020-05-08 01:23:12 -07:00
ingress.tf	Add module for Fedora CoreOS on Google Cloud	2020-02-01 15:21:40 -08:00
network.tf	Update Prometheus discovery of kube components	2021-08-10 21:25:19 -07:00
outputs.tf	Set kubeconfig and asset_dist as sensitive	2020-11-23 11:41:55 -08:00
ssh.tf	Workaround Terraform v1.1 file provisioner regression	2021-12-28 13:25:23 -08:00
variables.tf	Change default CNI provider from Calico to Cilium	2022-02-07 08:07:00 -08:00
versions.tf	Fix null provider version constraint on Google Cloud	2021-12-08 14:06:38 -08:00
workers.tf	Remove os_image variable on Google Cloud Fedora CoreOS	2020-06-29 22:57:11 -07:00

README.md

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

Minimal, stable base Kubernetes distribution
Declarative infrastructure and configuration
Free (freedom and cost) and privacy-respecting
Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

Kubernetes v1.23.6 (upstream)
Single or multi-master, Calico or Cilium or flannel networking
On-cluster etcd with TLS, RBAC-enabled, network policy, SELinux enforcing
Advanced features like worker pools, preemptible workers, and snippets customization
Ready for Ingress, Prometheus, Grafana, CSI, and other optional addons

Docs

Please see the official docs and the Google Cloud tutorial.