dustin/airplaypi/pipeline/head This commit looks goodDetails
By default, CRI-O assigns a random SELinux category to every pod, and
then must adjust the label of every file and directory in the persistent
volume to match. For very large volumes like a Buildroot output
directory, this can take quite some time. Fortunately, if we assign a
static category, we can tell CRI-O to skip the relabel step.
Unfortunately, Jenkins does not merge the `securityContext` field of the
pod spec when the `yamlMergeStrategy` is set to `merge`. For our custom
settings to apply, we have to leave the merge strategy at the default,
`override`.
Until I implement some kind of self-provisioning process for these
machines (supposing I ever do), I need a way to log in and
configure/troubleshoot. I don't think there's any particular security
concern by having an auto-logged-in root shell on the UART console, as
accessing it needs physical access to the machine.
Dustin