Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done-Errata
Fix Version/s: CNV v4.12.0
Affects Version/s: None
Component/s: CNV Network
Labels:
- cnv-4+
- cnvbugsm
- devel_ack+
- pm_ack+
- qa_ack+
- qe_test_coverage?

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
BZ Status:
CLOSED
BZ URL:
https://bugzilla.redhat.com/show_bug.cgi?id=2133543
Bugzilla Bug:
RHBZ: 2133543
Release Note Type:
If Release Note Needed, Set a Value
Release Note Status:
Set a Value
[QE] How to address?:
---
[QE] Why QE missed?:
---

Sprint:
CNV-net-QE-230
Severity:
Medium

SFDC Cases Links:
SFDC Cases Counter:

Description

Description of problem:
-----------------------
Test run[1] that looks for 'pod security violation entries' in audit logs,against 4.11.1-20, found few audit violation.

[1] - https://main-jenkins-csb-cnvqe.apps.ocp-c1.prod.psi.redhat.com/view/cnv-tests%20runner/job/cnv-tests-runner/4297/consoleFull.

This bug is to fix violation in 'kube-rbac-proxy' container.

<snip>
'pod-security.kubernetes.io/audit-violations': 'would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "manager", "kube-rbac-proxy" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "manager", "kube-rbac-proxy" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "manager", "kube-rbac-proxy" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "manager", "kube-rbac-proxy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")'}}
</snip>

Version-Release number of selected component (if applicable):
-------------------------------------------------------------
4.11.1-20

How reproducible:
-----------------
Always

Expected results:
-----------------
No audit-violation to be found