Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Pod Security Admission Integration - Restricted Enforcement
Feature Link:
OCPSTRAT-487 - Pod Security Admission Integration - Restricted Enforcement
Intelligence Requested:
Market:

Sprint:
Auth - Sprint 230, Auth - Sprint 231, Auth - Sprint 232, Auth - Sprint 233, Auth - Sprint 234

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Modify the PodSecurityViolation alert to show namespace information. To prevent cardinality explosion on the namespace label, only limit the values of the label to platform namespaces ("openshift", "default", "kube-").

This will also need a carry patch in o/k

links to

openshift/cluster-kube-apiserver-operator#1435: AUTH-336: PSA Violation alert: add ocp_namespace label

openshift/kubernetes#1454: AUTH-336: UPSTREAM: <carry>: PSa metrics: log platform namespaces in audit denies

openshift/kubernetes#1489: AUTH-336: UPSTREAM: <carry>: PSa metrics: unset ocp_namespace on non-platform n…

Assignee:: Stanislav Láznička

Reporter:: Stanislav Láznička

QA Contact:: Giriyamma Karagere Ramaswamy (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/01/17 10:55 AM

Updated:: 2023/06/08 7:24 AM

Resolved:: 2023/04/03 9:41 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates