-
Task
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
False
-
None
-
False
-
-
For QE:
Manual test
Scenario 1: restrictive PSS labels are applied to default ArgoCD instance namespace i.e openshift-gitops
- Install gitops-operator 1.15.0
- Verify following labels are added automatically on `openshift-gitops` namespace
"pod-security.kubernetes.io/enforce": "restricted", "pod-security.kubernetes.io/enforce-version": "v1.29", "pod-security.kubernetes.io/audit": "restricted", "pod-security.kubernetes.io/audit-version": "latest", "pod-security.kubernetes.io/warn": "restricted", "pod-security.kubernetes.io/warn-version": "latest",
- Update label value
- The updated lablel value should be reset to original value
Scenario 2: restrictive PSS labels are not applied to non-default ArgoCD instance namespace
- Install gitops-operator 1.15.0
- Create a new ArgoCD instance in any namespace other than `openshift-gitops`
- Verify following labels are not added on the non-default namespace where ArgoCD is installed
"pod-security.kubernetes.io/enforce": "restricted", "pod-security.kubernetes.io/enforce-version": "v1.29",
Upgrade Test
Scenario 1: Upgrade from 1.12 to 1.15
- Install 1.12 gitops
- Create a new ArgoCD instance in any namespace other than `openshift-gitops`
- Verify PSS labels are not present on both `openshift-gitops` and non default ArgoCD namespace
- Upgrade to 1.15
- Verify PSS labels are only present on `openshift-gitops`. Below labels should not be added on non-default ArgoCD namespace
"pod-security.kubernetes.io/enforce": "restricted", "pod-security.kubernetes.io/enforce-version": "v1.29",
- is related to
-
GITOPS-5221 Pod Security Admission labels not applied on openshift-gitops namespace on upgrade
-
- Closed
-
