From 23509a26898216b405bae26b9b0675338e7e1011 Mon Sep 17 00:00:00 2001 From: Phil Gebhardt Date: Wed, 31 May 2023 13:56:38 -0700 Subject: [PATCH] remove reference to Configure: Kubernetes This section effectively configures the pod to relabel its bind-mounted files, which include important files on the host which should not be relabeled unless the user knows exactly what will happen. This is likely not the best advice for users running on SELinux-enabled Kubernetes clusters. We need to find an equivalent to OpenShift's SecurityContextConstraints which configure what SELinux label the container process must run as, instead of relabeling the file system. Until we have that guidance, I think we should remove this. --- README.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/README.md b/README.md index f49056f..f36028c 100644 --- a/README.md +++ b/README.md @@ -85,17 +85,6 @@ docker run -it \ gremlin/gremlin daemon ``` -### Configure: Kubernetes - -To make the Gremlin daemonset run within the `gremlin.process` context, place the following `securityContext` into the existing Gremlin daemonset YAML. - -```yaml -... -securityContext: - seLinuxOptions: - type: gremlin.process -``` - ### Configure: OpenShift Like [the configuration for kubernetes][config_kubernetes], the Gremlin daemonset must run with the `gremlin.process` SELinux context. For openshift, this should be controlled through a [SecurityContextConstraints][about_scc] policy instead of directly through a Kubernetes `securityContext`.
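Review bot: The unchanged context line under `### Configure: OpenShift` still opens with "Like [the configuration for kubernetes][config_kubernetes]", which refers to the section this hunk deletes, so both the link and the comparison are left dangling. Reword that sentence so it stands on its own, for example by starting at "the Gremlin daemonset must run with the `gremlin.process` SELinux context", and remove the `[config_kubernetes]` reference definition if README.md carries one, since the diffstat shows this hunk is the only change. The closing phrase "instead of directly through a Kubernetes `securityContext`" also loses its referent once the YAML example is gone; a one-line note that pod-level `seLinuxOptions` is deliberately not documented, for the relabeling reason given in the commit message, would keep the removed advice from being re-added later.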