Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: None
Component/s: node
Labels:
- doc-ack
- groomed
- qe-ack
- stale

Story Points:
8
Blocked:
True
Blocked Reason:
This story is blocked by https://issues.redhat.com/browse/COS-1360
Ready:
False
Epic Link:
NodeObservability-GA

Target Version:

openshift-4.11

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Overview

This body of work is derived from the spike please refer to this story https://issues.redhat.com/browse/CFE-384

Tasks

Well documented README - describing how to deploy SPO
Ensure that the node-observability-operator deploys normally
- Update the SCC
- ```
allowPrivilegedContainer: false
```

Ensure that this section is removed from the daemonset

SecurityContext: &corev1.SecurityContext{
  Privileged: &privileged,
},

Implement the logic to check for the SPO (fully operational)
Implement the logic to create the RawSeLinuxProfile CR
Validate that the nodes have been updated accordingly
Ensure the daemonset (and agents) deploy correctly
Delete all references to the SPO and CR before allowing profiling to start
Ensure E2E tests are updated with the dependency of the SPO and RawSeLinuxProfile CR

Acceptance Criteria

Documentation approval
QE approval
All unit tests passing
Updated E2E tests
CI (prow) step updated with SPO dependency and CR

clones

CFE-384 [R&D] As a developer I want to investigate the use of the openshift security-profile-operator to deploy custom SELinux scripts into each node so that I can mitigate the need for executing a container as privileged

Closed

Assignee:: Luigi Mario Zuccarelli

Reporter:: Luigi Mario Zuccarelli

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/04/07 3:00 PM

Updated:: 2023/07/10 12:57 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates