From 62e070b0ddef3361dc3bb9f757d01023e0fe415e Mon Sep 17 00:00:00 2001 From: Cesar Celis Hernandez Date: Sat, 13 Apr 2024 14:57:15 -0400 Subject: [PATCH] Adding SELinux Documentation --- docs/openshift.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/openshift.md b/docs/openshift.md index 80be0a65..37601667 100644 --- a/docs/openshift.md +++ b/docs/openshift.md @@ -7,3 +7,18 @@ DirectPV runs under project `directpv` in Red Hat OpenShift. Project `directpv` ## Limitations * DirectPV does not support volume snapshot feature as per CSI specification. DirectPV is specifically meant for use cases like MinIO where the data availability and resiliency is taken care by the application itself. Additionally, with the AWS S3 versioning APIs and internal healing, snapshots is not a requirement. * DirectPV does not support `ReadWriteMany` volume access mode. The workloads using DirectPV run local to the node and are provisioned from local storage drives in the node. This allows the workloads to directly access data without any additional network hops, unlike remote volumes, network PVs, etc. The additional network hops may lead to poor performance and increases the complexity. With `ReadWriteOnce` access mode, DirectPV provides high performance storage for Pods. + +## SELinux in OpenShift: + +If you encounter the `relabel failed` error after executing the `suspend` or `resume` commands, you should set `spc_t` at the Tenant level Specification, as demonstrated below: + +```yaml +kind: Tenant +spec: + pools: + - containerSecurityContext: + seLinuxOptions: + type: spc_t +``` + +Ensure that the appropriate Security Context Constraints (SCCs) are in place, as illustrated in the following link: https://access.redhat.com/solutions/7025337.
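Review bot: The new "SELinux in OpenShift" section recommends `type: spc_t` under `containerSecurityContext.seLinuxOptions` without stating the trade-off. `spc_t` is the super-privileged container type, so containers in that pool run essentially unconfined by SELinux policy. Suggest saying so in the text, limiting the advice to tenants that actually hit `relabel failed`, and naming the SCC the tenant's service account needs in the doc itself instead of only pointing to the external link. The YAML would also be clearer if it noted that `Tenant` is the MinIO tenant resource and not a DirectPV object. Two smaller points: the heading `## SELinux in OpenShift:` has a trailing colon that `## Limitations` above it does not, and `suspend` and `resume` should be written as the full command so readers know which CLI is meant.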