RHEL8 Support #16

Closed
davidnuzik opened this issue May 7, 2020 · 8 comments
@davidnuzik
Contributor

davidnuzik commented May 7, 2020

This is a high level task that encompasses the work required to support RHEL8. It expands on work done as a part of #2

Autodetect binaries, if they are not available in the container bind-mount to host w/ chroot.

@davidnuzik davidnuzik added kind/task Work not related to bug fixes or new functionality [zube]: Next Up labels May 7, 2020
@davidnuzik davidnuzik added this to the Alpha milestone May 7, 2020
@davidnuzik
Contributor Author

davidnuzik commented May 14, 2020

Based on discussion 5/14/2020 in our RKE2/RFed weekly sync up, UBI8 is not a candidate for MVP release. This will need to be worked on post MVP release. Bumping this out. We'll use UBI7 for all images for MVP. We can pull in iptables/nftables/whatever in k3s-root (or similar solution) ourselves.

I created #240 regarding a move to UBI8 or from-scratch base images.

@davidnuzik
Contributor Author

Related: #15

@cjellick cjellick modified the milestones: Post-GA, Backlog Jul 31, 2020
@davidnuzik davidnuzik changed the title Switch to UBI8 RHEL8 Support Aug 7, 2020
@davidnuzik davidnuzik modified the milestones: Backlog, GA Aug 7, 2020
@davidnuzik
Contributor Author

Related: #225

@Oats87
Contributor

Oats87 commented Aug 24, 2020

The kube-proxy image needs to be enhanced to be able to switch between iptables legacy and iptables nft. We have decided to utilize the k3s-root built xtables binaries for our ubi7 base images, as there is no available iptables nft package.

@davidnuzik davidnuzik added kind/feature A large new piece of functionality priority/critical-urgent and removed kind/task Work not related to bug fixes or new functionality labels Aug 26, 2020
@Oats87
Contributor

Oats87 commented Aug 26, 2020

This can be tested using the following heredoc:

cat << EOF > /etc/yum.repos.d/rancher-rke2-el8-1-18-testing.repo
[rancher-rke2-el8-common-testing]
name=Rancher RKE2 EL8 Common Testing
baseurl=https://rpm-testing.rancher.io/rke2/testing/common/centos/8/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm-testing.rancher.io/public.key

[rancher-rke2-el8-1-18-testing]
name=Rancher RKE2 EL8 1.18 Testing
baseurl=https://rpm-testing.rancher.io/rke2/testing/1.18/centos/8/x86_64
enabled=1
gpgcheck=1
gpgkey=https://rpm-testing.rancher.io/public.key
EOF

on a CentOS 8 or RHEL 8 system. Firewalld must be off, and preferably selinux in permissive mode.

@Oats87
Contributor

Oats87 commented Aug 26, 2020

Ready to test with v1.18.4-beta10+rke2

@ShylajaDevadiga
Contributor

Using rke2 beta19 on RHEL 8 validated the following using default OS settings.
rke2 process and system service have correct labels

cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

getenforce
Enforcing

sudo cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml|grep selinux
  enable_selinux = true

kgn
NAME                                         STATUS   ROLES         AGE   VERSION
ip-172-31-7-173.us-east-2.compute.internal   Ready    etcd,master   63m   v1.18.8-beta19+rke2

kgp
NAMESPACE     NAME                                                                 READY   STATUS      RESTARTS   AGE
kube-system   etcd-ip-172-31-7-173.us-east-2.compute.internal                      1/1     Running     0          62m
kube-system   helm-install-rke2-canal-2gd95                                        0/1     Completed   0          62m
kube-system   helm-install-rke2-coredns-8hhz4                                      0/1     Completed   0          62m
kube-system   helm-install-rke2-ingress-nginx-hz4pw                                0/1     Completed   0          62m
kube-system   helm-install-rke2-kube-proxy-mpx2w                                   0/1     Completed   0          62m
kube-system   helm-install-rke2-metrics-server-kvqhs                               0/1     Completed   0          62m
kube-system   kube-apiserver-ip-172-31-7-173.us-east-2.compute.internal            1/1     Running     0          61m
kube-system   kube-controller-manager-ip-172-31-7-173.us-east-2.compute.internal   1/1     Running     0          63m
kube-system   kube-proxy-m7mww                                                     1/1     Running     0          62m
kube-system   kube-scheduler-ip-172-31-7-173.us-east-2.compute.internal            1/1     Running     0          63m
kube-system   rke2-canal-58xxm                                                     2/2     Running     0          62m
kube-system   rke2-coredns-rke2-coredns-7979fc655-f99gz                            1/1     Running     0          62m
kube-system   rke2-ingress-nginx-controller-d4989f458-qmqvc                        1/1     Running     0          61m
kube-system   rke2-ingress-nginx-default-backend-65f75d6664-n2q5b                  1/1     Running     0          61m
kube-system   rke2-metrics-server-59c7d566ff-hll5k                                 1/1     Running     0          61m

ps -eZ | grep -E 'rke2|containerd|shim'
system_u:system_r:container_runtime_t:s0 13138 ? 00:00:22 rke2
system_u:system_r:container_runtime_t:s0 13152 ? 00:00:50 containerd
system_u:system_r:container_runtime_t:s0 13226 ? 00:00:00 containerd-shim
system_u:system_r:rke2_service_t:s0:c746,c847 13474 ? 00:00:07 kube-scheduler
system_u:system_r:rke2_service_t:s0:c184,c436 13494 ? 00:00:40 kube-controller

ps -eZ|grep nginx
system_u:system_r:container_t:s0:c365,c708 17022 ? 00:00:05 nginx-ingress-c
system_u:system_r:container_t:s0:c365,c708 17078 ? 00:00:00 nginx
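
The label validation in the comment above can be turned into a repeatable check. This is an added example, not part of the original thread or the RKE2 project: the `check_labels` and `sample_ps` names are hypothetical, the expected types are the ones shown in the `ps -eZ` output above, and requiring an MCS category pair on `rke2_service_t` and `container_t` processes is an assumption drawn from that same output.

```shell
#!/bin/sh
# Added example: names are hypothetical; expected types come from the ps -eZ output above.

# Reads `ps -eZ` lines on stdin, prints one line per violation,
# and returns 0 only when every known process is in its expected domain.
check_labels() {
  awk '
    BEGIN {
      want["rke2"]            = "container_runtime_t"
      want["containerd"]      = "container_runtime_t"
      want["containerd-shim"] = "container_runtime_t"
      want["kube-scheduler"]  = "rke2_service_t"
      want["kube-controller"] = "rke2_service_t"
      want["nginx-ingress-c"] = "container_t"
      want["nginx"]           = "container_t"
      # Assumption: these domains must carry an MCS category pair (s0:cN,cM).
      mcs["rke2_service_t"] = 1
      mcs["container_t"]    = 1
    }
    $1 == "LABEL" { next }            # header line printed by ps -eZ
    NF < 5        { next }            # not a LABEL PID TTY TIME CMD row
    {
      comm = $NF
      if (!(comm in want)) next       # process not covered by this check
      n = split($1, f, ":")           # user:role:type:level[:categories]
      if (f[3] != want[comm]) {
        printf "DOMAIN %s pid=%s got=%s want=%s\n", comm, $2, f[3], want[comm]; bad++
      } else if ((f[3] in mcs) && (n < 5 || f[5] !~ /^c[0-9]+,c[0-9]+$/)) {
        printf "MCS %s pid=%s label=%s\n", comm, $2, $1; bad++
      }
    }
    END { exit (bad > 0) }
  '
}

# Rows copied from the validation output in this thread.
sample_ps() {
  cat <<'EOF'
system_u:system_r:container_runtime_t:s0 13138 ? 00:00:22 rke2
system_u:system_r:container_runtime_t:s0 13152 ? 00:00:50 containerd
system_u:system_r:container_runtime_t:s0 13226 ? 00:00:00 containerd-shim
system_u:system_r:rke2_service_t:s0:c746,c847 13474 ? 00:00:07 kube-scheduler
system_u:system_r:rke2_service_t:s0:c184,c436 13494 ? 00:00:40 kube-controller
system_u:system_r:container_t:s0:c365,c708 17022 ? 00:00:05 nginx-ingress-c
system_u:system_r:container_t:s0:c365,c708 17078 ? 00:00:00 nginx
EOF
}

# On a host: ps -eZ | check_labels
sample_ps | check_labels && echo "all known processes are in their expected domains"
```

A non-zero exit with `DOMAIN` or `MCS` lines means a process left its expected type or lost its category separation, which is worth investigating before trusting the node in Enforcing mode.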

@davidnuzik davidnuzik removed their assignment Sep 22, 2020
@ShylajaDevadiga
Contributor

RKE2 version: v1.18.8-beta20+rke2
Conformance test passed.

sonobuoy results $res
Plugin: e2e
Status: passed
Total: 4992
Passed: 277
Failed: 0
Skipped: 4715

Plugin: systemd-logs
Status: passed
Total: 2
Passed: 2
Failed: 0
Skipped: 0 

Import to rancher was successful


Installed as local management cluster for Rancher
