Microk8s latest/edge/strict manual review

Hello friends,

Please can we get a manual review done on latest/edge/strict? This is mainly to support testing of the roadmap item.

Thanks,
Joe

Hey @joedborg,

I see the latest uploaded revision is making use of the system-files interface as well as home with the read: all attribute. Could you please explain why such access is needed?

Thanks!

Hello @emitorino

home with read: all is needed on the advice of @ijohnson, because people need to be able to access files in order to apply configuration to Kubernetes:

[86842.701588] audit: type=1400 audit(1621513559.335:310749): apparmor="DENIED" operation="open" profile="snap.microk8s.kubectl" name="/home/jackal/workspace/microk8s/tests/templates/ingress.yaml" pid=208097 comm="kubectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000

system-files is needed as Kubernetes must configure certain things on the host, depending on how the user chooses to configure it. I believe this is expected if someone is installing MicroK8s.

Many thanks,
Joe

@joedborg is this request still valid?

I dont see the latest revision of microk8s is using system-files nor home with read:all

1 Like

Thank you @emitorino

1 Like