feat(csidriver): declare seLinuxMount support

[cjorge-graphops]

Pull Request template

Please, go through these steps before you submit a PR.

Why is this PR required? What issue does it fix?:

Allows zfs-localpv to support efficient SELinux relabeling (https://kubernetes.io/blog/2023/04/18/kubernetes-1-27-efficient-selinux-relabeling-beta/)

What this PR does?:

Adds seLinuxMount: true to the CSIDriver spec, by default.

Does this PR require any upgrade changes?:

No

If the changes in this PR are manually verified, list down the scenarios covered::

I've validated that when all the required conditions are met, kubelet passes an additional mount option for selinux context, which is supported by ZFS with no issues, effectively avoiding the relabeling step on preparing the PVC.

Any additional information for your reviewer? :

Related to #577

Checklist:

• Fixes Support mounting with SeLinux mount options #577
• PR Title follows the convention of <type>(<scope>): <subject>
• Has the change log section been updated?
• Commit has unit tests
• Commit has integration tests
• (Optional) Are upgrade changes included in this PR? If not, mention the issue/PR to track:
• (Optional) If documentation changes are required, which issue on https://github.com/openebs/website is used to track them:

[Abhinandan-Purkait]

Maybe set this via helm variable?

[sinhaashish]

moreover if this is supported in Kubernetes version ≥ 1.27 then why are we setting it to true as default

[tiagolobocastro]

It seems to be accepted from 1.25.x, so I suggest this:

Suggested change

	seLinuxMount: true
	{{- if semverCompare ">= 1.25.x" .Capabilities.KubeVersion.Version }}
	seLinuxMount: true
	{{- end }}

[cjorge-graphops]

thank you

[Abhinandan-Purkait]

@tiagolobocastro Should this be here?

[tiagolobocastro]

You mean vs the root openebs? Seems we already have pv-migration here in this repo as well.
So basically, going forward do we want to keep designs per repo or on umbrella repo? CC @avishnu

[tiagolobocastro]

Let's just keep it here for now.
Let's discuss on the next maintainers call on how to organize these better.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.99%. Comparing base (e3d55d7) to head (36620f7).
Report is 13 commits behind head on develop.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop     #598      +/-   ##
===========================================
- Coverage    96.37%   95.99%   -0.38%     
===========================================
  Files            1        1              
  Lines          496      574      +78     
===========================================
+ Hits           478      551      +73     
- Misses          14       19       +5     
  Partials         4        4              

Flag	Coverage Δ
bddtests	95.99% <ø> (-0.38%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tiagolobocastro]

Yes I think it's good to document the requirements.

[tiagolobocastro]

Suggested change

	seLinuxMount: true
	{{- if semverCompare ">= 1.25.x" .Capabilities.KubeVersion.Version }}
	seLinuxMount: true
	{{- end }}

[tiagolobocastro]

It seems to be accepted from 1.25.x, so I suggest this:

Suggested change

	seLinuxMount: true
	{{- if semverCompare ">= 1.25.x" .Capabilities.KubeVersion.Version }}
	seLinuxMount: true
	{{- end }}

[tiagolobocastro]

Any updates here @cjorge-graphops ?

[cjorge-graphops]

Any updates here @cjorge-graphops ?

I'm sorry, have been pressed for time. I will be able to address all the points raised here and try to push this forward soon (end of December / very early January) - and ofc, anyone can feel free to do so if they wish to do so earlier 🙇

I'll also document better the requirements as expressed, but just to leave a heads-up: this seLinuxMount functionality on k8s is still being worked and developed further (expanded to relax some of the constraints). As such that documentation will need to be kept up to date over the next months/year as the SIG evolves. I don't mind doing my best to maintain it, but I don't expect I'll be faster at it than this PR has been like through 2025... which leaves a bit to be desired in terms of being timely.

[Abhinandan-Purkait]

Any updates here @cjorge-graphops ?

I'm sorry, have been pressed for time. I will be able to address all the points raised here and try to push this forward soon (end of December / very early January) - and ofc, anyone can feel free to do so if they wish to do so earlier 🙇

I'll also document better the requirements as expressed, but just to leave a heads-up: this seLinuxMount functionality on k8s is still being worked and developed further (expanded to relax some of the constraints). As such that documentation will need to be kept up to date over the next months/year as the SIG evolves. I don't mind doing my best to maintain it, but I don't expect I'll be faster at it than this PR has been like through 2025... which leaves a bit to be desired in terms of being timely.

That's great. Thanks for the contribution, looking forward to the changes.