Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-132

SCC protection mechanisms

    XMLWordPrintable

Details

    • SCC protection
    • False
    • False
    • OCPSTRAT-694Ability to choose SCC for workload so as to avoid SCC preemption
    • To Do
    • OCPSTRAT-694 - Ability to choose SCC for workload so as to avoid SCC preemption
    • 100
    • 100% 100%

    Description

      Summary (PM+lead)

      Currently, SCCs are part of the OpenShift API and are subject to modifications by customers. This leads to a constant stream of issues:

      • Modifications of out-of-the-box SCCs may cause core workloads to malfunction
      • Addition of new higher priority SCCs may overrule existing pinned out-of-the-box SCCs during SCC admission and cause core workloads to malfunction

      We need to find and implement schemes to protect core workloads while retaining the API guarantee for modifications of SCCs (unfortunately).

      Motivation (PM+lead)

      Goals (lead)

      Non-Goals (lead)

      Deliverables

      Proposal (lead)

      User Stories (PM)

      Dependencies (internal and external, lead)

      Previous Work (lead)

      Open questions (lead)

      1. ...

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

      Attachments

        1.
        TE Tracker Sub-task Closed Undefined Eric Rich
        2.
        PX Tracker Sub-task Closed Undefined Eric Rich
        3.
        Docs Tracker Sub-task Closed Undefined Unassigned
        4.
        QE Tracker Sub-task Closed Undefined Unassigned

        Activity

          People

            surbania Sergiusz Urbaniak (Inactive)
            surbania Sergiusz Urbaniak (Inactive)
            Deepak Punia Deepak Punia
            Votes:
            0 Vote for this issue
            Watchers:
            15 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: