Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-42

Investigate PSP++ and SCC coexistence

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Undefined
    • 2021Q3 Plan
    • None
    • None
    • Auth - Sprint 209

    Description

      Upstream introduces Pod Isolation Policies as a replacement of Pod Security Policy, following the sig-auth and sig-security discussions
      in https://docs.google.com/document/d/1dpfDF3Dk4HhbQe74AyCpzUYMjp4ZhiEgGXSMpVWLlqQ/edit?usp=sharing. OpenShift's Security Context Constraints (SCCs) must co-exist with the new upstream concept.

      DoD:

      • investigate PSP++ upstream (done)
      • investigate downstream SCC logic (done)
      • come up with coexistence ideas (done - PoC enabling PodSecurity in openshift is seen below)
      • set up a small meeting for whole auth-team to discuss options (done - Auth Arch meeting Aug 31)
      • write an OEP if necessary (too early, tbd)

      Attachments

        Activity

          People

            surbania Sergiusz Urbaniak (Inactive)
            surbania Sergiusz Urbaniak (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: