-
Bug
-
Resolution: Done-Errata
-
Critical
-
None
-
4.14
-
No
-
Rejected
-
False
-
Description of problem:
[Hypershift] KAS labels on projects created should be consistent with OCP
enforce: privileged
Version: 4.14.0-0.nightly-2023-10-10-084534
How reproducible: Always
Steps to Reproduce:
1. Install OCP cluster and hypershift operator
2. Create hosted cluster
3. Create a test project on hosted cluster
Actual results:
The hosted cluster KAS labels on the test project is 'enforce: restricted' $ oc new-project test1 --kubeconfig=guest.kubeconfig $ oc get ns test1 -oyaml --kubeconfig=guest.kubeconfig ... labels: kubernetes.io/metadata.name: test1 pod-security.kubernetes.io/audit: restricted pod-security.kubernetes.io/audit-version: v1.24 pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/enforce-version: v1.24 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: v1.24 name: test1 ...
Expected results:
The hosted cluster KAS labels on projects should be "enforce: privileged" as Managent cluster KAS labels on projects created is "enforce: privileged"
Management cluster:
$ oc new-project test
$ oc get ns test -oyaml
...
labels:
kubernetes.io/metadata.name: test
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/audit-version: v1.24
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: v1.24
name: test
...
- clones
-
OCPBUGS-20526 [HCP] PSA labels on namespaces in HyperShift guest cluster enforce "restricted" while OCP of same version is good without such issue
- Closed
- is depended on by
-
OCPBUGS-20526 [HCP] PSA labels on namespaces in HyperShift guest cluster enforce "restricted" while OCP of same version is good without such issue
- Closed
- links to
-
RHEA-2023:7198 rpm