
Kubernetes upgrade from v1.21.x to 1.22.x failing with error "does not recognize SELinux label"

This document (000020995) is provided subject to the disclaimer at the end of this document.

Environment

Rancher 2.6.x

K8S 1.21.x

RKE1 with SELinux enabled

Situation

The RKE1 Kubernetes version upgrade from v1.21.x to v1.22.x / latest from the Rancher UI fails. The Rancher UI reports the error below.

[[selinux] Host [xx.xx.xx.xx] does not recognize SELinux label [label=type:rke_container_t]. This is required for Kubernetes version [>=1.22.0-rancher0]. Please install rancher-selinux RPM package and try again]

Resolution

Make sure that the rancher-selinux RPM is installed and updated to the latest version. The latest version is now rancher-selinux-0.2-1.el7.noarch.

To verify the current version on Red Hat based systems:

rpm -qa | grep rancher-selinux

The OS repository for installing / upgrading the package (example):

vi /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/7/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key

yum -y install rancher-selinux

To upgrade if an older version is already installed:

yum update rancher-selinux

Cause

The package rancher-selinux-0.2-1.el7.noarch must be installed on all nodes if SELinux is enabled at the OS level. Older rancher-selinux versions are also not supported with Kubernetes 1.22.x onwards.
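
A per-node readiness check for the requirement above, added here as an example; it is not part of the original article or of Rancher's tooling. The function names and the `--check` argument are hypothetical, and `sort -V` (GNU coreutils) only approximates RPM version ordering.

```shell
#!/bin/sh
# Added example: pre-check a node before an RKE1 upgrade to Kubernetes v1.22.x.
# MIN_VERSION is the VERSION-RELEASE of the package named in this article.
MIN_VERSION="0.2-1.el7"

# version_at_least INSTALLED REQUIRED
# Returns 0 if INSTALLED sorts at or above REQUIRED (approximation via sort -V).
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# assess_node SELINUX_MODE INSTALLED_VERSION
#   SELINUX_MODE       output of getenforce: Enforcing, Permissive or Disabled
#   INSTALLED_VERSION  VERSION-RELEASE of rancher-selinux, empty if not installed
# Prints a verdict and returns 0 when the node meets the article's requirement.
assess_node() {
    mode=$1
    installed=$2
    if [ "$mode" = "Disabled" ]; then
        # The article states the requirement for SELinux-enabled nodes only.
        echo "SKIP: SELinux is disabled on this node"; return 0
    fi
    if [ -z "$installed" ]; then
        echo "FAIL: rancher-selinux not installed"; return 1
    fi
    if ! version_at_least "$installed" "$MIN_VERSION"; then
        echo "FAIL: rancher-selinux $installed is older than $MIN_VERSION"; return 1
    fi
    echo "OK: rancher-selinux $installed"; return 0
}

# On a node: sh check.sh --check   (the script file name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    mode=$(getenforce)
    # rpm -q exits non-zero when the package is absent; treat that as "not installed".
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' rancher-selinux 2>/dev/null) || installed=""
    assess_node "$mode" "$installed"
fi
```

Run it on every node before starting the upgrade from the Rancher UI; a non-zero exit status marks a node that still needs `yum -y install rancher-selinux` or `yum update rancher-selinux`.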

Status

Top Issue

Additional Information

GH issue : https://github.com/rancher/rancher/issues/36509

Rancher documentation : here

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.