Cattle environments will work with SELinux enabled by following the steps in https://gist.github.com/joshwget/413f45a31e42f1f23024558ba4c6a3f6. There are two manual steps in these docs. Eventually neither of these should be necessary.
- Modifying the host SELinux policy
  - Current workaround: Compile and load an SELinux module that allows Rancher IPsec networking to run.
  - Real solution: There is a bug in the RHEL SELinux policy that prevents Rancher IPsec from functioning. A patch has been submitted to upstream RHEL and is estimated to be available in 6 weeks.
- Loading necessary kernel modules
  - Current workaround: There are certain kernel modules that must be loaded prior to running Rancher.
  - Real solution: These modules should be loaded automatically by Rancher Agent. A definitive list of needed modules must be determined (either Josh or Darren will do this).
In addition to the steps for Cattle environments, there is some work to be done in Rancher to make Kubernetes work. This is tracked in rancher/rancher#8071, and it's currently assigned to James.