Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: openshift-apiserver
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None

Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

it's not possible to remove scheduling gates from privileged pods unless an SCC allows it. One of the main goals of scheduling gates is to support custom quotas, but right now in OpenShift, this isn't possible unless an SCC is configured to allow the gate to be removed.

OpenShift Virtualization uses a custom quota that depends on removing the scheduling gate from pods, so we had to create an SCC to support this. However, the recommended best practice is to avoid using privileged SCCs, as mentioned here:
https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/CATALOG.md#operator-install-status-no-privileges

this bug is blocking:
https://issues.redhat.com/browse/CNV-58655

links to

openshift/apiserver-library-go#128: API-1894: Ignore updates related to Scheduling Gates

Assignee:: Barak Mordehai

Reporter:: Barak Mordehai

Need Info From:: None

Contributors:: None

Architect:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/06/17 7:33 AM

Updated:: 2025/07/30 11:36 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates