Merge branch 'main' into 11-release-notes

RELEASE_NOTES.md

@@ -40,6 +40,7 @@
 * [#498](https://github.com/suse-edge/edge-image-builder/issues/498) - Fix kernelArgs issue with Leap Micro 6.0
 * [#543](https://github.com/suse-edge/edge-image-builder/issues/543) - Kernel cmdline arguments aren't honoured in SL Micro 6.0 for SelfInstall ISO's
 * [#550](https://github.com/suse-edge/edge-image-builder/issues/550) - PackageHub inclusion in RPM resolution silently errors on SLE Micro 6.0
+* [#565](https://github.com/suse-edge/edge-image-builder/issues/565) - K3S SELinux uses an outdated package
 
 ---
 

config/artifacts.yaml

@@ -9,3 +9,10 @@ endpoint-copier-operator:
 elemental:
   register-repository: https://download.opensuse.org/repositories/isv:/Rancher:/Elemental:/Staging/standard
   system-agent-repository: https://download.opensuse.org/repositories/isv:/Rancher:/Elemental:/Staging/standard
+kubernetes:
+  k3s:
+    selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
+    selinuxRepository: https://rpm.rancher.io/k3s/stable/common/slemicro/noarch
+  rke2:
+    selinuxPackage: rke2-selinux
+    selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch

pkg/eib/eib.go

@@ -62,12 +62,12 @@ func appendKubernetesSELinuxRPMs(ctx *image.Context) error {
 	log.AuditInfo("SELinux is enabled in the Kubernetes configuration. " +
 		"The necessary RPM packages will be downloaded.")
 
-	selinuxPackage, err := kubernetes.SELinuxPackage(ctx.ImageDefinition.Kubernetes.Version)
+	selinuxPackage, err := kubernetes.SELinuxPackage(ctx.ImageDefinition.Kubernetes.Version, ctx.ArtifactSources)
 	if err != nil {
 		return fmt.Errorf("identifying selinux package: %w", err)
 	}
 
-	repository, err := kubernetes.SELinuxRepository(ctx.ImageDefinition.Kubernetes.Version)
+	repository, err := kubernetes.SELinuxRepository(ctx.ImageDefinition.Kubernetes.Version, ctx.ArtifactSources)
 	if err != nil {
 		return fmt.Errorf("identifying selinux repository: %w", err)
 	}

pkg/image/context.go

@@ -39,4 +39,14 @@ type ArtifactSources struct {
 		RegisterRepository    string `yaml:"register-repository"`
 		SystemAgentRepository string `yaml:"system-agent-repository"`
 	} `yaml:"elemental"`
+	Kubernetes struct {
+		K3s struct {
+			SELinuxPackage    string `yaml:"selinuxPackage"`
+			SELinuxRepository string `yaml:"selinuxRepository"`
+		} `yaml:"k3s"`
+		Rke2 struct {
+			SELinuxPackage    string `yaml:"selinuxPackage"`
+			SELinuxRepository string `yaml:"selinuxRepository"`
+		} `yaml:"rke2"`
+	} `yaml:"kubernetes"`
 }

pkg/kubernetes/selinux.go

@@ -10,35 +10,26 @@ import (
 	"github.com/suse-edge/edge-image-builder/pkg/image"
 )
 
-func SELinuxPackage(version string) (string, error) {
-	const (
-		k3sPackage  = "k3s-selinux"
-		rke2Package = "rke2-selinux"
-	)
+func SELinuxPackage(version string, sources *image.ArtifactSources) (string, error) {
 
 	switch {
 	case strings.Contains(version, image.KubernetesDistroK3S):
-		return k3sPackage, nil
+		return sources.Kubernetes.K3s.SELinuxPackage, nil
 	case strings.Contains(version, image.KubernetesDistroRKE2):
-		return rke2Package, nil
+		return sources.Kubernetes.Rke2.SELinuxPackage, nil
 	default:
 		return "", fmt.Errorf("invalid kubernetes version: %s", version)
 	}
 }
 
-func SELinuxRepository(version string) (image.AddRepo, error) {
-	const (
-		k3sRepository  = "https://rpm.rancher.io/k3s/stable/common/slemicro/noarch"
-		rke2Repository = "https://rpm.rancher.io/rke2/stable/common/slemicro/noarch"
-	)
-
+func SELinuxRepository(version string, sources *image.ArtifactSources) (image.AddRepo, error) {
 	var url string
 
 	switch {
 	case strings.Contains(version, image.KubernetesDistroK3S):
-		url = k3sRepository
+		url = sources.Kubernetes.K3s.SELinuxRepository
 	case strings.Contains(version, image.KubernetesDistroRKE2):
-		url = rke2Repository
+		url = sources.Kubernetes.Rke2.SELinuxRepository
 	default:
 		return image.AddRepo{}, fmt.Errorf("invalid kubernetes version: %s", version)
 	}