k3s install fails to find available k3s-selinux policy on Amazon Linux 2023 platform

[aganesh-suse]

Environment Details

Infrastructure

• Cloud
• Hosted

Node(s) CPU architecture, OS, and Version:

$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.5.20240701"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"

$ uname -m
x86_64

Cluster Configuration:

HA: 3 server/ 1 agent

Describe the bug:

Config.yaml:

token: xxxx
cluster-init: true
write-kubeconfig-mode: "0644"
node-external-ip: 1.1.1.1
node-label:
- k3s-upgrade=server

Testing Steps to Reproduce:

1. Copy config.yaml

$ sudo mkdir -p /etc/rancher/k3s && sudo cp config.yaml /etc/rancher/k3s

2. Install k3s

curl -sfL https://get.k3s.io | sudo INSTALL_K3S_VERSION='v1.30.2+k3s1' sh -s - server

3. Verify Cluster Status:

kubectl get nodes -o wide
kubectl get pods -A

Expected behavior:

k3s install should be successful. All nodes and pods should come up running successfully.

Actual behavior:

$ curl -sfL https://get.k3s.io | sudo INSTALL_K3S_VERSION='v1.30.2+k3s1' sh -s - server
[INFO]  Using v1.30.2+k3s1 as release
[INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.30.2+k3s1/sha256sum-amd64.txt
[INFO]  Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.30.2+k3s1/k3s
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Finding available k3s-selinux versions
[ERROR]  Failed to find the k3s-selinux policy, please install:
    dnf install -y container-selinux
    dnf install -y https://rpm.rancher.io/k3s/stable/common/centos/8/noarch/

Additional context / logs:

Please know, that once we manually install container-selinux, the k3s-selinux rpm and the iptables the k3s installation is successful.
Filing this low priority issue, so that one does not manually have to do the pre-installs for the same.

$ k3s -v
k3s version v1.30.2+k3s1 (aa4794b3)
go version go1.22.4

[brandond]

We don't handle ID="amzn" or ID_LIKE="fedora" VERSION_ID="2023" that AL2023 uses in our already nasty distro detection code:

k3s/install.sh

Lines 572 to 598 in 58ab259

	[ -r /etc/os-release ] && . /etc/os-release
	if [ `expr "${ID_LIKE}" : ".*suse.*"` != 0 ]; then
	rpm_target=sle
	rpm_site_infix=microos
	package_installer=zypper
	if [ "${ID_LIKE:-}" = suse ] && ( [ "${VARIANT_ID:-}" = sle-micro ] || [ "${ID:-}" = sle-micro ] ); then
	rpm_target=sle
	rpm_site_infix=slemicro
	package_installer=zypper
	fi
	elif [ "${ID_LIKE:-}" = coreos ] || [ "${VARIANT_ID:-}" = coreos ]; then
	rpm_target=coreos
	rpm_site_infix=coreos
	package_installer=rpm-ostree
	elif [ "${VERSION_ID%%.*}" = "7" ]; then
	rpm_target=el7
	rpm_site_infix=centos/7
	package_installer=yum
	elif [ "${VERSION_ID%%.*}" = "8" ] || [ "${VERSION_ID%%.*}" -gt "36" ]; then
	rpm_target=el8
	rpm_site_infix=centos/8
	package_installer=yum
	else
	rpm_target=el9
	rpm_site_infix=centos/9
	package_installer=yum
	fi

[dereknola]

Thats why #9215 was already open

We may also want to combine this with

#9226
and
#8207

[brandond]

All of those are messes though lol

[caroline-suse-rancher]

Hey @aganesh-suse, what is the status of this issue after the above feedback?

[brandond]

That was mostly just internal whinging, we do still need to update the install script for AL23.

[aganesh-suse]

Validated on release-1.30 branch with version v1.30.4-rc1+k3s1

Environment Details

Infrastructure

• Cloud
• Hosted

Node(s) CPU architecture, OS, and Version:

$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.5.20240805"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"

$ uname -m
x86_64

Cluster Configuration:

HA: 1 server

Testing Steps

1. Install k3s

curl -sfL https://get.k3s.io | sudo INSTALL_K3S_VERSION='v1.30.4-rc1+k3s1' sh -s - server

3. Verify Cluster Status:

kubectl get nodes -o wide
kubectl get pods -A

Validation Results:

• k3s version used for validation:

$ k3s -v
k3s version v1.30.4-rc1+k3s1 (98262b5d)
go version go1.22.5

Installation output:

$ curl -sfL https://get.k3s.io | sudo INSTALL_K3S_VERSION='v1.30.4-rc1+k3s1' sh -s - server
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 36426  100 36426    0     0   121k      0 --:--:-- --:--:-- --:--:--  122k
[INFO]  Using v1.30.4-rc1+k3s1 as release
[INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.30.4-rc1+k3s1/sha256sum-amd64.txt
[INFO]  Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.30.4-rc1+k3s1/k3s
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Finding available k3s-selinux versions
Rancher K3s Common (stable)                                                                                                                         11 kB/s | 2.5 kB     00:00
Dependencies resolved.
===================================================================================================================================================================================
 Package                                   Architecture                   Version                                          Repository                                         Size
===================================================================================================================================================================================
Installing:
 k3s-selinux                               noarch                         1.5-1.el8                                        rancher-k3s-common-stable                          20 k
Installing dependencies:
 container-selinux                         noarch                         2:2.222.0-325.amzn2023                           amazonlinux                                        55 k

Transaction Summary
===================================================================================================================================================================================
Install  2 Packages

Total download size: 75 k
Installed size: 161 k
Downloading Packages:
(1/2): container-selinux-2.222.0-325.amzn2023.noarch.rpm                                                                                           673 kB/s |  55 kB     00:00
(2/2): k3s-selinux-1.5-1.el8.noarch.rpm                                                                                                            136 kB/s |  20 kB     00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                              353 kB/s |  75 kB     00:00
Rancher K3s Common (stable)                                                                                                                         28 kB/s | 2.4 kB     00:00
Importing GPG key 0xE257814A:
 Userid     : "Rancher (CI) <ci@rancher.com>"
 Fingerprint: C8CF F216 4551 26E9 B9C9 18BE 925E A29A E257 814A
 From       : https://rpm.rancher.io/public.key
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                           1/1
  Running scriptlet: container-selinux-2:2.222.0-325.amzn2023.noarch                                                                                                           1/2
  Installing       : container-selinux-2:2.222.0-325.amzn2023.noarch                                                                                                           1/2
  Running scriptlet: container-selinux-2:2.222.0-325.amzn2023.noarch                                                                                                           1/2
  Running scriptlet: k3s-selinux-1.5-1.el8.noarch                                                                                                                              2/2
  Installing       : k3s-selinux-1.5-1.el8.noarch                                                                                                                              2/2
  Running scriptlet: k3s-selinux-1.5-1.el8.noarch                                                                                                                              2/2
  Running scriptlet: container-selinux-2:2.222.0-325.amzn2023.noarch                                                                                                           2/2
  Running scriptlet: k3s-selinux-1.5-1.el8.noarch                                                                                                                              2/2
  Verifying        : container-selinux-2:2.222.0-325.amzn2023.noarch                                                                                                           1/2
  Verifying        : k3s-selinux-1.5-1.el8.noarch                                                                                                                              2/2

Installed:
  container-selinux-2:2.222.0-325.amzn2023.noarch                                                   k3s-selinux-1.5-1.el8.noarch

Complete!
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO]  Host iptables-save/iptables-restore tools not found
[INFO]  Host ip6tables-save/ip6tables-restore tools not found
[INFO]  systemd: Starting k3s

Additional context / logs:

$ kubectl get nodes
NAME                                          STATUS   ROLES                  AGE   VERSION
ip-172-31-28-105.us-east-2.compute.internal   Ready    control-plane,master   52s   v1.30.4-rc1+k3s1

$ kubectl get pods -A
NAMESPACE     NAME                                      READY   STATUS      RESTARTS   AGE
kube-system   coredns-576bfc4dc7-t6ddh                  1/1     Running     0          42s
kube-system   helm-install-traefik-crd-rdkt6            0/1     Completed   0          43s
kube-system   helm-install-traefik-pbt9t                0/1     Completed   1          43s
kube-system   local-path-provisioner-6795b5f9d8-m6g6h   1/1     Running     0          42s
kube-system   metrics-server-557ff575fb-gmf4j           1/1     Running     0          42s
kube-system   svclb-traefik-2382de9c-kqslh              2/2     Running     0          28s
kube-system   traefik-5fb479b77-cvl6v                   1/1     Running     0          28s

Service status:

● k3s.service - Lightweight Kubernetes
     Loaded: loaded (/etc/systemd/system/k3s.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-08-16 20:55:48 UTC; 4min 30s ago