Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 4.14.0
Affects Version/s: 4.14
Component/s: apiserver-auth
Labels:
- UpdateRecommendationsBlocked
- UpgradeBlocker

Severity:
Critical
Regression:
No
Sprint:
Auth - Sprint 241, Auth - Sprint 242
sprint_count:
2
Release Blocker:
Approved
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.14.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

We shouldn't enforce PSa in 4.14, neither by label sync, neither by global cluster config.

Version-Release number of selected component (if applicable):

4.14

How reproducible:

100%

Steps to Reproduce:

As a cluster admin:
1. create two new namespaces/projects: pokus, openshift-pokus
2. as a cluster-admin, attempt to create a privileged pod in both the namespaces from 1.

Actual results:

pod creation is blocked by pod security admission

Expected results:

only a warning about pod violating the namespace pod security level should be emitted

Additional info:

clones

OCPBUGS-8710 [4.13] don't enforce PSa in 4.13

Closed

is cloned by

OCPBUGS-26441 [4.15] don't enforce PSa in 4.15

Closed

links to

openshift/api#1575: OCPBUGS-16726: psa - move into tech preview for 4.14

openshift/cluster-config-operator#354: OCPBUGS-16726: psa - move into tech preview for 4.14

RHSA-2023:5006 OpenShift Container Platform 4.14.z security update

Assignee:: Krzysztof Ostrowski

Reporter:: Stanislav Láznička (Inactive)

QA Contact:: Giriyamma Karagere Ramaswamy (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 18 Start watching this issue

Created:: 2023/07/25 7:24 AM

Updated:: 2024/04/29 4:59 PM

Resolved:: 2023/10/31 1:43 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates