relabel failed - cniackz/public GitHub Wiki

New docs:

https://github.com/minio/directpv/pull/900

SELinux in OpenShift:

If you encounter the relabel failed error after executing the suspend or resume commands, you should set spc_t at the Tenant level Specification, as demonstrated below:

kind: Tenant
spec:
  pools:
  - containerSecurityContext:
      seLinuxOptions:
        type: spc_t

Ensure that the appropriate Security Context Constraints (SCCs) are in place, as illustrated in the following link: https://access.redhat.com/solutions/7025337.

Old docs:

  • When we see relabel failed after running kubectl directpv suspend drives command:
Events:
  Type     Reason          Age                From               Message
  ----     ------          ----               ----               -------
  Normal   Scheduled       40s                default-scheduler  Successfully assigned tenant-certmanager/myminio-pool-0-1 to 27
  Normal   AddedInterface  39s                multus             Add eth0 [10.130.0.22/23] from openshift-sdn
  Normal   Pulled          39s                kubelet            Container image "quay.io/minio/operator@sha256:0a5688b6ac83800d61c32b3f8a19913278d9322ed8974f4e6b444074ecf3d3ee" already present on machine
  Normal   Created         39s                kubelet            Created container validate-arguments
  Normal   Started         38s                kubelet            Started container validate-arguments
  Normal   Pulled          38s                kubelet            Container image "quay.io/minio/operator@sha256:0a5688b6ac83800d61c32b3f8a19913278d9322ed8974f4e6b444074ecf3d3ee" already present on machine
  Normal   Created         38s                kubelet            Created container sidecar
  Normal   Started         38s                kubelet            Started container sidecar
  Normal   Pulled          11s (x5 over 38s)  kubelet            Container image "quay.io/minio/minio:RELEASE.2024-03-05T04-48-44Z" already present on machine
  Warning  Failed          11s (x5 over 38s)  kubelet            Error: relabel failed /var/lib/kubelet/pods/462a36c8-c608-41db-8d48-b02da82c8ffd/volumes/kubernetes.io~csi/pvc-ff938628-7478-495c-bfa0-5c4b2ffd3a7f/mount: lsetxattr /var/lib/kubelet/pods/462a36c8-c608-41db-8d48-b02da82c8ffd/volumes/kubernetes.io~csi/pvc-ff938628-7478-495c-bfa0-5c4b2ffd3a7f/mount: read-only file system

  • the only solution found so far is to disable selinux by changing from enforcing to disable in the /etc/selinux/config

  • then we re-start the node

  • and pod will pass from CreateContainerError to Running