Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.14.0
Affects Version/s: 4.14.0
Component/s: Networking / ovn-kubernetes
Labels:
None

Severity:
Important
Regression:
No
Sprint:
SDN Sprint 243
sprint_count:
1
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.14.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-20104. The following is the description of the original issue:
—
Description of problem:

The recently introduced node identify feature introduces pods that are running as root. While it's understood there may be situations where that is absolutely required, the goal should be to always run with least privilege / non-root.

Version-Release number of selected component (if applicable):

How reproducible:

100%

Steps to Reproduce:

1. Deploy an IBM Managed OpenShift 4.14.0 cluster. I suspect any OpenShift 4.14.0 cluster will have these pods running as root as well.

Actual results:

network-node-identity pods are running as root

Expected results:

network-node-identity pods should be running as non-root

Additional info:

Due to the introduction of these pods running as root in an IBM Managed OpenShift 4.14.0 cluster, we will have to file for a security exception.

links to

openshift/cluster-network-operator#2054: OCPBUGS-20184: [release-4.14]: Don't run network node identity as root

RHSA-2023:5006 OpenShift Container Platform 4.14.z security update

Assignee:: Jaime Caamaño Ruiz

Reporter:: OpenShift Prow Bot

QA Contact:: Arti Sood

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/10/06 12:36 PM

Updated:: 2023/11/07 7:03 PM

Resolved:: 2023/10/31 1:44 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates