Fix SELinux context for local-path provisioner

2024-10-02 09:11:23 +02:00 · 2024-10-02 09:11:23 +02:00 · 21f4c81832
commit 21f4c81832
parent 7e78625cff
1 changed files with 10 additions and 0 deletions
--- a/tasks/cluster_k3s.yml
+++ b/tasks/cluster_k3s.yml
@ -204,9 +204,19 @@
      - "/var/lib/rancher/k3s"
      - "/var/lib/rancher/k3s/server"
      - "/var/lib/rancher/k3s/server/manifests"
+      - "/var/lib/rancher/k3s/storage"
    when:
      - kubernetes_master|bool

+# semanage fcontext -a -t container_file_t  "/var/lib/rancher/k3s/storage(/.*)?"
+  - name: Allow K3S local-path provisioner to create directories in /var/lib/rancher/k3s/storage
+    community.general.sefcontext:
+      target: '/var/lib/rancher/k3s/storage(/.*)?'
+      setype: container_file_t
+      state: present
+  - name: Apply new SELinux file context to filesystem
+    ansible.builtin.command: restorecon -R  /var/lib/rancher/k3s/storage/
+
  - name: Deploy Network Policies
    ansible.builtin.template:
      src: "{{ item }}.j2"