-
Story
-
Resolution: Unresolved
-
Major
-
None
-
Product / Portfolio Work
-
3
-
False
-
-
False
-
Not Selected
-
ToDo
-
-
-
Very Likely
-
0
-
None
-
Unset
-
Unknown
-
None
- https://access.redhat.com/support/cases/#/case/04158280
- https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1710-selinux-relabeling
- https://issues.redhat.com/browse/OCPSTRAT-1148
- https://github.com/openshift/api/pull/2212
- https://issues.redhat.com/browse/RFE-3327
- https://issues.redhat.com/browse/OCPSTRAT-1639
- https://access.redhat.com/articles/7087028
Michael Fruchtman
@whayutin Besides the ReadWriteOncePod in 4.16. There is an upcoming improvement in SELinux labeling you should know about. Right now it is only developer preview which makes it non-viable for prod clusters. But it is coming. https://access.redhat.com/articles/7087028It will require the Velero SCC to not be privileged or use an alternative ServiceAccount with anyuid for the pods that mount the backup PVCs. As this is Openshift only. No Velero issue will be opened to address it. (edited)