Skip to content

Kubernetes upgrade from v1.21.x to 1.22.x failing with error "does not recognize SELinux label"

Article Number: 000020995

Environment

Rancher 2.6.x
K8S 1.21.x 
RKE1 with SELinux is enabled

Situation

The RKE1 kubernetes version upgrade from v1.21.x to v1.22.x / latest from the Rancher UI is failing. The Rancher UI reporting the error below. 

[[selinux] Host [xx.xx.xx.xx] does not recognize SELinux label [label=type:rke_container_t]. This is required for Kubernetes version [>=1.22.0-rancher0]. Please install rancher-selinux RPM package and try again]

Cause

The package rancher-selinux-0.2-1.el7.noarch must be installed on all nodes if SELinux is enabled at OS level. The older rancher-selinux version are also not supported with kubernetes 1.22.x onwards.

Resolution

Make sure that the SELinux rpm is installed and updated to the latest version. The latest version is now rancher-selinux-0.2-1.el7.noarch

To verify the current version for Redhat based systems. 

rpm -qa | grep rancher-selinux

The OS repository for installing / upgrading the package ( Example ) 

vi /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/7/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key

yum -y install rancher-selinux

To upgrade if already installed the old version

yum update rancher-selinux