Uploaded image for project: 'OpenShift Builds'
  1. OpenShift Builds
  2. BUILD-392

Shared Resources: Require readOnly: true on Pod Admission

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Normal
    • None
    • None
    • shared-resources
    • Sprint 219, Sprint 220, Sprint 221, Sprint 222, Sprint 223

    Description

      User Story

      As a developer using SharedSecrets and ConfigMaps
      I want to ensure all pods set readOnly; true on admission
      So that I don't have pods stuck in the "Pending" state because of a bad volume mount

      Acceptance Criteria

      • Pods which reference the Shared Resource CSI driver must set readOnly: true on admission.
      • If readOnly: true is not set, or is set to false, the pod should not be created.
      • Appropriate testing in place to verify behavior

      QE Impact

      QE will need to verify the new Pod Admission behavior

      Docs Impact

      Docs will need to ensure that readOnly: true is required and must be set to true.

      PX Impact

      None.

      Attachments

        Issue Links

          is blocked by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. BUILD-405 Install Shared Resource CSIDriver Webhook with Cluster Storage Operator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. BUILD-406 Enhancement Proposal - Validating Webhook for Shared Resource CSI Driver

          • Undefined - Priority not specified.
          • Closed
          is documented by

          Task - Represents a small unit of work that is not end-user facing. RHDEVDOCS-4338 Shared Resources: Require readOnly: true on Pod Admission

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/cluster-storage-operator#288: BUILD-392: Allow shared-resource-csi-driver-operator-clusterrole to operate vali…

          GitHub openshift/csi-driver-shared-resource#103: BUILD-392: Shared Resources: Validate Resource Admission

          GitHub openshift/csi-driver-shared-resource-operator#49: BUILD-392: webhook validation resource admission

          Activity

            People

              jkhelil jawed khelil
              adkaplan@redhat.com Adam Kaplan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: