Robert Massey requested to merge selinux-fix into main Mar 25, 2024

General MR

Summary

Update to K8sPSPSELinuxV2 template and selinuxPolicy to handle bug where empty seLinuxOptions cause K8sPSPSELinuxV2 to trigger and block installations.

Relevant logs/screenshots

seLinuxOptions: {}

causing

istio-operator                         35m         Warning   FailedCreate                   job/istiod-hook                                         (combined from similar events): Error creating: admission webhook "validation.gatekeeper.sh" denied the request: [selinux-policy] SELinux options is not allowed, pod: istiod-hook-k64bn. Allowed options: [{}]

Linked Issue

issue

Upgrade Notices

Due to the new template, test-values need to be updated from excludedResources to exemptImages.

Edited Mar 26, 2024 by Robert Massey

Admin message

update allowedSelinuxOptions

General MR

Summary

Relevant logs/screenshots

Linked Issue

Upgrade Notices

Merge request reports