KOTS: enable selinux in kURL Installer


#1

If the SELinux kURL addon is configured, kURL install will not prompt to disable it when installing and apply any supplied configs.

apiversion: cluster.kurl.sh/v1beta1
kind: Installer
metadata:
  name: ""
spec:
  selinuxConfig:
    selinux: "enforcing"
    preserveConfig: false
    disableSelinux: false

You can add this config in one of two ways.

  • Using a kURL YAML Patch file and applying the config at kurl install time.
    curl https://kurl.sh/latest | sudo bash -s installer-spec-file=[path to YAML patch]

  • Adding the kURL YAML to the kURL installer in vendor.replicated.com.

But please note its up to the customer to ensure SELinux is configured properly and support for these installs is provided on a best-effort basis. Overall the end-customer is responsible for SELinux.