I just cannot wrap my head around if I need the `rke2 selinu Rancher Users #general

I just cannot wrap my head around if I need the `r...

salmon-morning-84088

04/10/2025, 1:10 PM

I just cannot wrap my head around if I need the

rke2-selinux

package or the

rancher-selinux

package or both installed on my nodes for downstream RKE2 clusters in Rancher. The documentation is very unclear on this point. Does anyone know?

hundreds-evening-84071

04/10/2025, 1:39 PM

from my experience (all on-prim) when I create a downstream cluster the process installs required package, so I have never manually installed either of those

creamy-pencil-82913

04/10/2025, 4:09 PM

rke2-selinux is required for rke2. rancher-selinux is required if you want to use rancher logging chart to collect logs from cluster nodes.

creamy-pencil-82913

04/10/2025, 4:10 PM

this is covered in the docs https://ranchermanager.docs.rancher.com/reference-guides/rancher-security/selinux-rpm/about-rancher-selinux

creamy-pencil-82913

04/10/2025, 4:10 PM

The
rancher-selinux
RPM only contains policies for the rancher-logging application.

✅ 1

salmon-morning-84088

04/14/2025, 7:41 AM

Thanks for the clarification, Brad! 👍 One thing that confuses me here is that the Rancher docs says about `rke2-selinux`: "It is installed automatically when the RKE2 installer script detects that it is running on an RPM-based distro." but it seems like that's not true for downstream RKE2 clusters installed by Rancher. Am I missing something here? 😕

creamy-pencil-82913

04/14/2025, 5:30 PM

thats only true for standalone clusters. if you provision via rancher, it always uses tarball install and does not install any RPMs.

😭 1

Open in Slack

Previous Next