Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-10807

multus-admission-controller should not run as root under Hypershift-managed CNO

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • 4.14.0
    • 4.13, 4.12, 4.14
    • HyperShift
    • None
    • Important
    • No
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Cluster Network Operator managed component multus-admission-controller does not conform to Hypershift control plane expectations.

When CNO is managed by Hypershift, multus-admission-controller and other CNO-managed deployments should run with non-root security context. If Hypershift runs control plane on kubernetes (as opposed to Openshift) management cluster, it adds pod security context to its managed deployments, including CNO, with runAsUser element inside. In such a case CNO should do the same, set security context for its managed deployments, like multus-admission-controller, to meet Hypershift security rules.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      Always

      Steps to Reproduce:

      1.Create OCP cluster using Hypershift using Kube management cluster
2.Check pod security context of multus-admission-controller

      Actual results:

      no pod security context is set on multus-admission-controller

      Expected results:

      pod security context is set with runAsUser: xxxx

      Additional info:

      Corresponding CNO change

            agarcial@redhat.com Alberto Garcia Lamela
            michael.topchiev@ibm.com Michael Topchiev
            Jie Zhao Jie Zhao
            IBM Employee
            Michael Topchiev
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: