Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11698

[4.13] Modify the PSa pod extractor to mutate pod controller pod specs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Critical Critical
    • None
    • 4.11
    • apiserver-auth
    • None
    • No
    • Proposed
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-7268. The following is the description of the original issue:

      Description of problem:

      When creating a pod controller (e.g. deployment) with pod spec that will be mutated by SCCs, the users might still get a warning about the pod not meeting given namespace pod security level.

      Version-Release number of selected component (if applicable):

      4.11

      How reproducible:

      100%

      Steps to Reproduce:

      1. create a namespace with restricted PSa warning level (the default)
2. create a deployment with a pod with an empty security context

      Actual results:

      You get a warning about the deployment's pod not meeting the NS's pod security admission requirements.

      Expected results:

      No warning if the pod for the deployment would be properly mutated by SCCs in order to fulfill the NS's pod security requirements.

      Additional info:

      originally implemented as a part of https://issues.redhat.com/browse/AUTH-337

       

              slaznick@redhat.com Stanislav Láznička (Inactive)
              openshift-crt-jira-prow OpenShift Prow Bot
              Xingxing Xia Xingxing Xia
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: