From 1c61d279e749fae90f7f4deec5d21b47cae561c5 Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Tue, 25 Feb 2025 13:39:40 +0100 Subject: [PATCH] Add SELinuxMount and SELinuxChangePolicy feature gates They're Kubernetes feature gates, both alpha in Kubernetes 1.32. See https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1710-selinux-relabeling --- features.md | 2 ++ features/features.go | 16 ++++++++++++++++ .../featureGate-Hypershift-Default.yaml | 6 ++++++ ...atureGate-Hypershift-DevPreviewNoUpgrade.yaml | 6 ++++++ ...tureGate-Hypershift-TechPreviewNoUpgrade.yaml | 6 ++++++ .../featureGate-SelfManagedHA-Default.yaml | 6 ++++++ ...reGate-SelfManagedHA-DevPreviewNoUpgrade.yaml | 6 ++++++ ...eGate-SelfManagedHA-TechPreviewNoUpgrade.yaml | 6 ++++++ 8 files changed, 54 insertions(+) diff --git a/features.md b/features.md index 5f150ebe2d0..547b06871f5 100644 --- a/features.md +++ b/features.md @@ -9,6 +9,8 @@ | ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | | Example2| | | Enabled | Enabled | | | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled | +| SELinuxChangePolicy| | | Enabled | Enabled | | | +| SELinuxMount| | | Enabled | Enabled | | | | SigstoreImageVerificationPKI| | | Enabled | Enabled | | | | NewOLM| | Enabled | | Enabled | | Enabled | | AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | diff --git a/features/features.go b/features/features.go index 02fe3548263..ec4a1c71ad1 100644 --- a/features/features.go +++ b/features/features.go @@ -766,4 +766,20 @@ var ( enhancementPR("https://github.com/openshift/enhancements/pull/1712"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + + FeatureGateSELinuxChangePolicy = newFeatureGate("SELinuxChangePolicy"). + reportProblemsToJiraComponent("Storage / Kubernetes"). + contactPerson("jsafrane"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + + FeatureGateSELinuxMount = newFeatureGate("SELinuxMount"). + reportProblemsToJiraComponent("Storage / Kubernetes"). + contactPerson("jsafrane"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() ) diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml index bc05a2adeb3..c5bd718192b 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml @@ -154,6 +154,12 @@ { "name": "RouteExternalCertificate" }, + { + "name": "SELinuxChangePolicy" + }, + { + "name": "SELinuxMount" + }, { "name": "ServiceAccountTokenNodeBinding" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml index 599c1b52a5c..ce726687da1 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml @@ -236,6 +236,12 @@ { "name": "RouteExternalCertificate" }, + { + "name": "SELinuxChangePolicy" + }, + { + "name": "SELinuxMount" + }, { "name": "ServiceAccountTokenNodeBinding" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml index 664d6ef7ed0..4f2d4c37a29 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml @@ -45,6 +45,12 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "SELinuxChangePolicy" + }, + { + "name": "SELinuxMount" + }, { "name": "SigstoreImageVerificationPKI" } diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml index c9b154d1eaf..21acb507d03 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml @@ -154,6 +154,12 @@ { "name": "RouteExternalCertificate" }, + { + "name": "SELinuxChangePolicy" + }, + { + "name": "SELinuxMount" + }, { "name": "ServiceAccountTokenNodeBinding" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml index 42f271383d7..7dfcd9ffc77 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml @@ -236,6 +236,12 @@ { "name": "RouteExternalCertificate" }, + { + "name": "SELinuxChangePolicy" + }, + { + "name": "SELinuxMount" + }, { "name": "ServiceAccountTokenNodeBinding" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml index dd6fec3a1ce..6569405072c 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -39,6 +39,12 @@ { "name": "MultiArchInstallAzure" }, + { + "name": "SELinuxChangePolicy" + }, + { + "name": "SELinuxMount" + }, { "name": "SigstoreImageVerificationPKI" }