-
Bug
-
Resolution: Done
-
Critical
-
4.14
-
No
-
Hypershift Sprint 243, Hypershift Sprint 244
-
2
-
Rejected
-
False
-
Description of problem:
[Hypershift] KAS labels on projects created should be consistent with OCP
enforce: privileged
Version: 4.14.0-0.nightly-2023-10-10-084534
How reproducible: Always
Steps to Reproduce:
1. Install OCP cluster and hypershift operator
2. Create hosted cluster
3. Create a test project on hosted cluster
Actual results:
The hosted cluster KAS labels on the test project is 'enforce: restricted' $ oc new-project test1 --kubeconfig=guest.kubeconfig $ oc get ns test1 -oyaml --kubeconfig=guest.kubeconfig ... labels: kubernetes.io/metadata.name: test1 pod-security.kubernetes.io/audit: restricted pod-security.kubernetes.io/audit-version: v1.24 pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/enforce-version: v1.24 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: v1.24 name: test1 ...
Expected results:
The hosted cluster KAS labels on projects should be "enforce: privileged" as Managent cluster KAS labels on projects created is "enforce: privileged"
Management cluster:
$ oc new-project test
$ oc get ns test -oyaml
...
labels:
kubernetes.io/metadata.name: test
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/audit-version: v1.24
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: v1.24
name: test
...
- blocks
-
-
- Closed
-
- depends on
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
- links to