Hussein Galal 2024-05-16 14:54:00 -07:00 committed by GitHub
commit 14b9f1d2de
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 46 additions and 0 deletions


@ -94,6 +94,10 @@ set -o noglob
# - INSTALL_K3S_CHANNEL
# Channel to use for fetching k3s download URL.
# Defaults to 'stable'.
#
# - INSTALL_K3S_SKIP_FAPOLICY
# If set, the install script will skip adding fapolicy rules
# Default is not set.
GITHUB_URL=https://github.com/k3s-io/k3s/releases
GITHUB_PR_URL=""
@ -910,6 +914,13 @@ elif type zypper >/dev/null 2>&1; then
\$uninstall_cmd
rm -f /etc/zypp/repos.d/rancher-k3s-common*.repo
fi
if type fapolicyd >/dev/null 2>&1; then
if [ -f /etc/fapolicyd/rules.d/80-k3s.rules ]; then
rm -f /etc/fapolicyd/rules.d/80-k3s.rules
fi
fagenrules --load
systemctl restart fapolicyd
fi
EOF
$SUDO chmod 755 ${UNINSTALL_K3S_SH}
$SUDO chown root:root ${UNINSTALL_K3S_SH}
@ -1099,6 +1110,40 @@ service_enable_and_start() {
return 0
}
# verify_fapolicyd verifies existence of
# fapolicyd executable.
verify_fapolicyd() {
cmd="$(command -v "fapolicyd")"
if [ -z "${cmd}" ]; then
return 1
fi
return 0
}
setup_fapolicy_rules() {
if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/rocky-release ]; then
verify_fapolicyd || return
# setting k3s fapolicyd rules
cat <<-EOF >>"/etc/fapolicyd/rules.d/80-k3s.rules"
allow perm=any all : dir=/var/lib/rancher/
allow perm=any all : dir=/opt/cni/
allow perm=any all : dir=/run/k3s/
allow perm=any all : dir=/var/lib/kubelet/
EOF
if [ -z "${INSTALL_K3S_SKIP_START}" ]; then
fagenrules --load || fatal "failed to load k3s fapolicyd rules"
systemctl restart fapolicyd
fi
fi
}
install_fapolicy() {
if [ -z "${INSTALL_K3S_SKIP_FAPOLICY}" ]; then
setup_fapolicy_rules
fi
}
# --- re-evaluate args to include env command ---
eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@")
@ -1114,6 +1159,7 @@ eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@")
systemd_disable
create_env_file
create_service_file
install_fapolicy
service_enable_and_start
}
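Review bot: In `setup_fapolicy_rules` the heredoc is appended with `>>` and written without `$SUDO`, so every re-run of the installer adds another copy of the four rules to `80-k3s.rules`, and an invocation that relies on `$SUDO` (as the `chmod`/`chown` lines after the uninstall heredoc do) would presumably fail at this write. Writing the file in one step, for example `cat <<-EOF | $SUDO tee /etc/fapolicyd/rules.d/80-k3s.rules >/dev/null`, keeps it idempotent; `fagenrules --load` and `systemctl restart fapolicyd` would need the same `$SUDO` prefix. The rules are `allow perm=any all`, which lets every subject open or execute anything under `/var/lib/rancher/`, `/opt/cni/`, `/run/k3s/` and `/var/lib/kubelet/`. A comment above the heredoc should state why that breadth is required and that these trees must remain writable by root only, since anything placed there bypasses the allowlist. The result of `systemctl restart fapolicyd` is also unchecked, unlike the `fagenrules --load || fatal` line before it.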