Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run e2e tests on AL2023 with SELinux #219

Merged
merged 6 commits into from
Feb 21, 2025
Merged

Run e2e tests on AL2023 with SELinux #219

merged 6 commits into from
Feb 21, 2025

Conversation

unexge
Copy link
Contributor

@unexge unexge commented Jul 12, 2024
edited
Loading

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@unexge unexge requested review from vladem and muddyfish July 12, 2024 16:20
unexge
unexge commented Jan 15, 2025
View reviewed changes
.github/workflows/e2e-tests.yaml Outdated
# We're mainly using AL2023 to test our CSI driver with enforced SELinux,
# AL2023 supports switching to enforcing mode via cloud-init, but,
# passing user-data (the way we configure cloud-init) is not supported on eksctl for AL2023.
# So, we're only running SELinux tests with kops.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I think we now figured out how to enforce SELinux via eksctl using:

preBootstrapCommands:
    - "dnf install -y container-selinux"
    - "setenforce 1"
    - 'sed -i "s/SELINUX=permissive/SELINUX=enforcing/" /etc/selinux/config'

We should also enable SELinux on eksctl clusters.

@unexge unexge changed the title Run e2e tests on AL2023 (with SELinux) and Ubuntu 20.04 as well Run e2e tests on AL2023 with SELinux Jan 16, 2025
@unexge unexge enabled auto-merge February 21, 2025 16:55
@unexge unexge added this pull request to the merge queue Feb 21, 2025
Merged via the queue into main with commit e519c4e Feb 21, 2025
30 of 31 checks passed
@unexge unexge deleted the unexge/selinux-ci branch February 21, 2025 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@muddyfish muddyfish muddyfish approved these changes

@vladem vladem Awaiting requested review from vladem

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@unexge @muddyfish @jiaeenie