Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
- te_grp_security

Epic Name:
Pod Security Admission Integration - Restricted Enforcement
Work Type:
BU Product Work
Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Green
Epic Status:
To Do
Feature Link:
OCPSTRAT-487 - Pod Security Admission Integration - Restricted Enforcement
Parent Link:
OCPSTRAT-487Pod Security Admission Integration - Restricted Enforcement
Hierarchy Progress Bar:

17% To Do, 7% In Progress, 77% Done

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Epic Goal

Get Pod Security admission to be run in "restricted" mode globally by default alongside with SCC admission.

causes

JBEAP-24518 Operator isn't compatible with new security standards in upcoming OCP

Closed

is related to

OADP-5031 Make OADP work in restricted Pod Security Standard environment

New

HIVE-2023 Encountered pod security issue when hive to provision cluster.

In Progress

OCPBUGS-2366 SCTP security issues difference from OCP 4.11 to OCP 4.12

Closed

AUTH-202 Communication: write blog post about pod security admission in 4.11

Closed

OTA-784 Check PodSecurityViolation behavior on 4.11 to 4.12 updates

Closed

links to

openshift/azure-disk-csi-driver-operator#127: AUTH-482: set required-scc for openshift workloads

openshift/azure-file-csi-driver-operator#108: AUTH-482: set required-scc for openshift workloads

openshift/cloud-credential-operator#673: AUTH-481: Add PSa labels to openshift-cloud-credential-operator namespace

openshift/cloud-credential-operator#681: AUTH-482: set required-scc for openshift workloads

openshift/cluster-api-provider-alibaba#50: AUTH-482: set required-scc for openshift workloads

openshift/cluster-api-provider-alibaba#57: [release-4.15] AUTH-482: set required-scc for openshift workloads

openshift/cluster-authentication-operator#656: AUTH-482: set required-scc for openshift workloads

openshift/cluster-authentication-operator#675: [release-4.15] AUTH-482: set required-scc for openshift workloads

openshift/cluster-autoscaler-operator#315: AUTH-482: set required-scc for openshift workloads

openshift/cluster-autoscaler-operator#332: [release-4.15] OCPBUGS-41798 [AUTH-482](https://issues.redhat.com//browse/AUTH-482): set required-scc for openshift workloads

openshift/cluster-baremetal-operator#407: AUTH-482: set required-scc for openshift workloads

openshift/cluster-baremetal-operator#433: [release-4.16] AUTH-482: set required-scc for openshift workloads

openshift/cluster-config-operator#401: OCPBUGS-28621: Add required PSa labels

openshift/cluster-config-operator#407: AUTH-481: Add missing PSa labels

openshift/cluster-config-operator#410: AUTH-482: set required-scc for openshift workloads

openshift/cluster-control-plane-machine-set-operator#282: AUTH-482: set required-scc for openshift workloads

openshift/cluster-control-plane-machine-set-operator#326: [release-4.15] AUTH-482: set required-scc for openshift workloads

openshift/cluster-csi-snapshot-controller-operator#196: AUTH-482: set required-scc for openshift workloads

openshift/cluster-dns-operator#404: AUTH-481: Add PSa labels to openshift-dns-operator namespace

openshift/cluster-image-registry-operator#1008: AUTH-482: set required-scc for openshift workloads

openshift/cluster-ingress-operator#1025: [WIP] AUTH-481: Add PSa labels to openshift namespaces

openshift/cluster-ingress-operator#1031: AUTH-482: set required-scc for openshift workloads

openshift/cluster-kube-controller-manager-operator#792: AUTH-481: Add PSa labels to openshift namespaces

openshift/cluster-kube-storage-version-migrator-operator#104: AUTH-481: add PSa labels to openshift namespaces

openshift/cluster-kube-storage-version-migrator-operator#107: AUTH-482: set required-scc for openshift workloads

openshift/cluster-monitoring-operator#2256: AUTH-481: add PSa labels to openshift-user-workload-monitoring namespace

openshift/cluster-monitoring-operator#2335: AUTH-482: set required-scc for openshift workloads

openshift/cluster-monitoring-operator#2497: [WIP]: AUTH-482: set required-scc for openshift workloads #2335

openshift/cluster-monitoring-operator#2498: AUTH-482: set required-scc for openshift workloads

openshift/cluster-monitoring-operator#2499: [WIP]: AUTH-482: set required-scc for openshift workloads

openshift/cluster-network-operator#2250: AUTH-481: Add PSa labels to openshift namespaces

openshift/cluster-network-operator#2282: AUTH-482: set required-scc for openshift workloads

openshift/cluster-network-operator#2490: [release-4.17] AUTH-482: set required-scc for openshift workloads

openshift/cluster-network-operator#2496: [release-4.16] AUTH-482: set required-scc for openshift workloads

openshift/cluster-node-tuning-operator#968: AUTH-482: set required-scc for openshift workloads

openshift/cluster-olm-operator#54: AUTH-482: set required-scc for openshift workloads

openshift/cluster-olm-operator#61: [release-4.15] OCPBUGS-37395: manifests: set required-scc for openshift workloads

openshift/cluster-openshift-apiserver-operator#571: AUTH-481: Add PSa labels to openshift-apiserver-operator namespace

openshift/cluster-openshift-apiserver-operator#573: AUTH-482: Set required-scc for openshift workloads

openshift/cluster-openshift-controller-manager-operator#329: AUTH-481: Add PSa labels to openshift-controller-manager-operator namespace

openshift/cluster-openshift-controller-manager-operator#336: AUTH-482: set required-scc for openshift workloads

openshift/cluster-samples-operator#533: AUTH-481: Add PSa labels to openshift-cluster-samples-operator namespace

openshift/cluster-samples-operator#535: AUTH-482: set required-scc for openshift workloads

openshift/cluster-storage-operator#452: AUTH-481: Add PSa labels to openshift-cluster-storage-operator namespace

openshift/cluster-storage-operator#459: AUTH-482: set required-scc for openshift workloads

openshift/cluster-storage-operator#516: AUTH-482: set required-scc for openshift workloads

openshift/cluster-storage-operator#524: AUTH-482: set required-scc for openshift workloads

openshift/cluster-version-operator#1038: AUTH-482: set required-scc for openshift workloads

openshift/configure-alertmanager-operator#366: AUTH-482: set required-scc for openshift workloads

openshift/console-operator#858: AUTH-481: Add PSa labels to console namespaces

openshift/console-operator#871: AUTH-482: set required-scc for openshift workloads

openshift/console-operator#908: [release-4.16] AUTH-482: set required-scc for openshift workloads

openshift/csi-driver-manila-operator#234: AUTH-482: set required-scc for openshift workloads

openshift/csi-driver-shared-resource-operator#118: AUTH-482: set required-scc for openshift workloads

openshift/csi-operator#170: AUTH-482: set required-scc for openshift workloads

openshift/csi-operator#306: AUTH-482: set required-scc for openshift workloads

openshift/gcp-pd-csi-driver-operator#131: AUTH-482: set required-scc for openshift workloads

openshift/hypershift#5310: AUTH-482: set required-scc for openshift workloads

openshift/ibm-powervs-block-csi-driver-operator#75: AUTH-482: set required-scc for openshift workloads

openshift/ibm-vpc-block-csi-driver-operator#135: AUTH-482: set required-scc for openshift workloads

openshift/insights-operator#903: AUTH-481: Add PSa labels to openshift-insights namespace

openshift/insights-operator#915: AUTH-482: set required-scc for openshift workloads

openshift/insights-operator#1026: AUTH-482: set required-scc for openshift workloads

openshift/insights-operator#1033: AUTH-482: set required-scc for dataGahtering jobs & pods

openshift/insights-operator#1041: [release-4.18] AUTH-482: set required-scc for dataGahtering jobs & pods

openshift/insights-operator#1049: [release-4.17] AUTH-482: set required-scc for dataGahtering jobs & pods

openshift/kubevirt-csi-driver-operator#6: AUTH-482: set required-scc for openshift workloads

openshift/machine-api-operator#1220: AUTH-482: set required-scc for openshift workloads

openshift/machine-api-operator#1288: [release-4.15] AUTH-482: set required-scc for openshift workloads

openshift/machine-api-operator#1308: AUTH-482: set required-scc for openshift workloads

openshift/machine-api-operator#1311: [release-4.18] AUTH-482: set required-scc for openshift workloads

openshift/machine-api-operator#1317: scc fix

openshift/machine-api-provider-nutanix#73: AUTH-482: set required-scc for openshift workloads

openshift/machine-api-provider-nutanix#81: [release-4.15] AUTH-482: set required-scc for openshift workloads

openshift/machine-config-operator#4219: AUTH-482: set required-scc for openshift workloads

openshift/machine-config-operator#4384: [release-4.16] AUTH-482: set required-scc for openshift workloads

openshift/machine-config-operator#4504: AUTH-482: set required-scc for openshift workloads

openshift/machine-config-operator#4636: AUTH-482: set required-scc for openshift workloads

openshift/managed-cluster-config#2298: AUTH-482: set required-scc for openshift workloads

openshift/metallb-operator#235: [WIP]:AUTH-482: set required-scc for openshift workloads

openshift/metallb-operator#238: AUTH-482: set required-scc for openshift workloads

openshift/metallb-operator#240: [release-4.17] AUTH-482: set required-scc for openshift workloads

openshift/metallb-operator#241: [WIP]: AUTH-482: set required-scc for openshift workloads

openshift/oadp-operator#1555: sample-apps: handle restricted podsecurityadmission default in 4-dev-preview/4.19

openshift/oc#1763: AUTH-482: set required-scc annotation to privileged for node debug pods

openshift/operator-framework-catalogd#50: AUTH-482: set required-scc for openshift workloads

openshift/operator-framework-olm#685: WIP: AUTH-481: add PSa labels to openshift namespaces

openshift/operator-framework-olm#703: AUTH-482: set required-scc for openshift workloads

openshift/operator-framework-operator-controller#100: AUTH-482: set required-scc for openshift workloads

openshift/operator-framework-rukpak#92: [WIP] AUTH-482: set required-scc for openshift workloads

openshift/origin#28572: AUTH-480: Add monitor tests for PSa labels of openshift prefixed namespaces

openshift/origin#28589: AUTH-483: Add a monitor test to check the existence of required-scc annotation in platform workloads

openshift/release#56579: AUTH-482: set required-scc for openshift workloads

openshift/release#59430: STOR-1847: Extended Windows-based SMB csi jobs

openshift/service-ca-operator#233: AUTH-481: Add PSa labels to service-ca namespaces

openshift/service-ca-operator#235: AUTH-482: set required-scc for openshift workloads

openshift/service-ca-operator#243: [release-4.15] AUTH-482: set required-scc for openshift workloads

openshift/sriov-network-operator#971: AUTH-482: set required-scc for openshift workloads

openshift/vmware-vsphere-csi-driver-operator#265: AUTH-482: set required-scc for openshift workloads

(1 is related to, 99 links to)

1.	Docs Tracker		Closed		Andrea Hoffer
2.	PX Tracker		Closed		Eric Rich
3.	QE Tracker		Closed		Giriyamma Karagere Ramaswamy (Inactive)
4.	TE Tracker		Closed		Eric Rich

Assignee:: Krzysztof Ostrowski

Reporter:: Wallace Lewis

QA Contact:: Xingxing Xia

Doc Contact:: Courtney Bippley

Votes:: 1 Vote for this issue

Watchers:: 46 Start watching this issue

Created:: 2022/06/29 12:45 AM

Updated:: 2024/12/19 1:55 PM