-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add calico-node selinux #6359
add calico-node selinux #6359
Conversation
Hi @chenguoquan1024. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What is the difference with #6290 ? (if no diff, please close the other, and in the future you can amend/force push instead of opening multiples PRs ^^) |
hello@floryut |
It is not :) I've restarted your job |
/ok-to-test |
/lgtm |
Is this needed for all situations? If not we should consider a conditional statement to make sure it applies only when necessary. Nobody wants privileged containers if they can be avoided :) |
@Miouge1 this needed for all situations。 |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chenguoquan1024, Miouge1 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* 'master' of https://github.com/kubernetes-sigs/kubespray: Add a way to deploy cilium alongside another CNI (kubernetes-sigs#6373) Cleanup old build-cephfs-provisioner.yml playbook (kubernetes-sigs#6418) Always enable GitLab CI artifacts for cluster-dump (kubernetes-sigs#6412) Remove allow-release-candidate-upgrades already include in experimental-upgrades flag (kubernetes-sigs#6349) add calico-node selinux (kubernetes-sigs#6359) Add oomichi to reviwers of MetalLB addon (kubernetes-sigs#6393) Respect kube_override_hostname during removal/upgrade (kubernetes-sigs#6347) Fixed fedora modular repos activation for fcos (kubernetes-sigs#6300) Fix kube-proxy post deployment removal (kubernetes-sigs#5554) Remove old csi-attacher flag and fix RBAC for Cinder CSI (kubernetes-sigs#6358) Update cilium minimum kernel preinstall check (kubernetes-sigs#6376) Add readiness probe to dns-autoscaler (kubernetes-sigs#6382) Add Fedora CoreOS kubevirt image for tests (kubernetes-sigs#6337) allow kubeadm to upgrade etcd (kubernetes-sigs#6345) crio: harden downloads with retry (kubernetes-sigs#6374) Add workaround with include_task for mitogen (kubernetes-sigs#6312)
When I use calico network to test selinux for kubernetes, I find that when selinux enable , calico-node fail。
This is due to calico-node.yaml not have securityContext param.
What type of PR is this?
/kind bug
What this PR does / why we need it:
When slinux enable calico-node can not run, we need add securityContext param
Which issue(s) this PR fixes:
projectcalico/calico#2704
Does this PR introduce a user-facing change?:
None