Add selinux for k3s

tasks/cluster_k3s.yml

@@ -5,6 +5,22 @@
 #  when:
 #    - kubernetes_cni == "wireguard"
 
+- name: Install the k3s-selinux rpm from a remote repo for yum distro
+  yum:
+    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v0.2.stable.1/k3s-selinux-0.2-1.el7_8.noarch.rpm"
+    state: present
+    disable_gpg_check: yes
+  when:
+    - ansible_pkg_mgr == "yum"
+
+- name: Install the k3s-selinux rpm from a remote repo for dnf distro
+  dnf:
+    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v0.2.stable.1/k3s-selinux-0.2-1.el7_8.noarch.rpm"
+    state: present
+    disable_gpg_check: yes
+  when:
+    - ansible_pkg_mgr == "dnf"
+
 - name: Check if /usr/local/bin/k3s already existe
   stat:
     path: /usr/local/bin/k3s

templates/etc/systemd/system/k3s.service.j2

@@ -8,12 +8,12 @@ Type=notify
 EnvironmentFile=/etc/systemd/system/k3s.service.env
 {% if kubernetes_master|bool %}
 {% if vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined %}
-ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption --cluster-init
+ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption --cluster-init --selinux
 {% else %}
-ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption --server https://{{ kubernetes_master }}:6443 --token ${NODE_TOKEN}
+ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption --server https://{{ kubernetes_master }}:6443 --token ${NODE_TOKEN} --selinux
 {% endif %}
 {% else %}
-ExecStart=/usr/local/bin/k3s agent --server https://{{ kubernetes_master }}:6443 --token ${NODE_TOKEN}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ kubernetes_master }}:6443 --token ${NODE_TOKEN} --selinux
 {% endif %}
 KillMode=process
 Delegate=yes