Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-133

Pod Security Admission integration in OpenShift

XMLWordPrintable

    • Pod Security Admission
    • False
    • False
    • Yellow
    • To Do
    • Impediment
    • 0% To Do, 0% In Progress, 100% Done
    • Hide

      Dev complete as the final origin PRs have merged.  We still need to write a blog post prior to GA and there will be follow-on work in OCP 4.12 for alerts to finish this off.

      Show
      Dev complete as the final origin PRs have merged.  We still need to write a blog post prior to GA and there will be follow-on work in OCP 4.12 for alerts to finish this off.

      Summary (PM+lead)

      https://issues.redhat.com/browse/AUTH-2 revealed that, in prinicipal, Pod Security Admission is possible to integrate into OpenShift while retaining SCC functionality.

       

      This epic is about the concrete steps to enable Pod Security Admission by default in OpenShift

      Motivation (PM+lead)

      Goals (lead)

      • Enable Pod Security Admission in "restricted" policy level by default
      • Migrate existing core workloads to comply to the "restricted" pod security policy level

      Non-Goals (lead)

      • Other OpenShift workloads must be migrated by the individual responsible teams.

      Deliverables

      Proposal (lead)

      Enhancement - https://github.com/openshift/enhancements/pull/1010

      User Stories (PM)

      Dependencies (internal and external, lead)

      Previous Work (lead)

      Open questions (lead)

      1. ...

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

          There are no Sub-Tasks for this issue.

              slaznick@redhat.com Stanislav Láznička (Inactive)
              surbania Sergiusz Urbaniak (Inactive)
              Yash Tripathi Yash Tripathi (Inactive)
              Max Bridges Max Bridges
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated:
                Resolved: