mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-03-11 11:00:57 -04:00
1bc78add3e
Automatic merge from submit-queue (batch tested with PRs 38443, 40145, 40701, 40682) Move kubeadm etcd SELinux options from container to pod. **What this PR does / why we need it**: Works around a bug that surfaces in Docker 1.12+ related to the pause container's namespace and selinux labels being transferred to the etcd container when it runs. At present it appears that applying selinux options to a container may be broken, or perhaps shouldn't be supported at all. Moving these to the pod causes all containers (including pause) to run with the correct labels. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: Related to and partial fix for https://github.com/kubernetes/kubeadm/issues/107 This is one of several selinux related fixes in flight for upcoming releases, and newer versions of Docker. To successfully run kubeadm with selinux enforcing right now would like require a recent container-selinux build as uncovered in https://github.com/kubernetes/kubeadm/issues/107, a bugfix for the format labels in #40179, and finally this fix. **Release note**: ```release-note Fixed an SELinux issue in kubeadm on Docker 1.12+ by moving etcd SELinux options from container to pod. ``` |
||
|---|---|---|
| .. | ||
| clicheck | ||
| cloud-controller-manager | ||
| gendocs | ||
| genkubedocs | ||
| genman | ||
| genslateyaml | ||
| genswaggertypedocs | ||
| genutils | ||
| genyaml | ||
| hyperkube | ||
| kube-aggregator | ||
| kube-apiserver | ||
| kube-controller-manager | ||
| kube-discovery | ||
| kube-proxy | ||
| kubeadm | ||
| kubectl | ||
| kubelet | ||
| kubemark | ||
| libs/go2idl | ||
| linkcheck | ||
| mungedocs | ||
| BUILD | ||
| OWNERS | ||