  1. Red Hat Advanced Cluster Management
  2. ACM-8747

[Search] Ensure Kubernetes SCC V2 Compliance for Pods in ACM Cluster


    • Epic
    • Resolution: Unresolved
    • ACM 2.10.0, MCE 2.5.0
    • Search
    • To Do
    • 50% To Do, 50% In Progress, 0% Done

      Epic Goal

      The goal of this epic is to guarantee that all pods running within the ACM (Advanced Cluster Management) cluster adhere to Kubernetes Security Context Constraints (SCC). The implementation of a comprehensive SCC compliance checking system will proactively maintain a secure and compliant environment, mitigating security risks.

      Why is this important?

      Ensuring SCC compliance is critical for the security and stability of a Kubernetes cluster. 


      A customer responsible for overseeing the operations of their cluster faces the challenge of maintaining a secure and compliant Kubernetes environment. The organization relies on the ACM cluster to run a variety of critical workloads across multiple namespaces. Security and compliance are top priorities, especially considering the sensitive nature of the data and applications hosted in the cluster.

      Deployments to Investigate

      Only Annotation Needed:

      • [ ] klusterlet-addon-search

      Further Investigation Needed

      • [ ] search-postgres

      Acceptance Criteria

      • [ ] Develop a script capable of automated checks for SCC compliance for all pods within the ACM cluster, spanning multiple namespaces.

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

            jpadilla@redhat.com Jorge Padilla
            dbennett@redhat.com Disaiah Bennett
            Xiang Yin