-
Bug
-
Resolution: Done
-
Normal
-
4.15
-
-
-
Important
-
No
-
False
-
-
-
-
Description of problem:
Starting with OpenShift Container Platform 4.15, all features to implement/use https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#efficient-selinux-volume-relabeling are now available (at least in Technoloy Preview) and could be used to achieve efficient SELinux relabling for ReadWriteOncePod volumes. Unfortuantely this key feature is missing in OpenShift Container Platform 4.15 documentation and release notes and we are therefore requesting this to be added to attract customers to use this approach and hence align with upsteram efforts. Beside a notification in the Release Notes, it's expected to have a short explanation in OpenShift Container Platform 4.15 and later explaining how to utilize it for application developers. Similar to what is available in the upstream documentation but focusing on the developer part as the platform part is covered and automatically available.
Version-Release number of selected component (if applicable):
OpenShift Container Platform 4.15
How reproducible:
Always
Steps to Reproduce:
1. N/A
Actual results:
No information available that https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#efficient-selinux-volume-relabeling could be used, starting with OpenShift Container Platform 4.15 and later (not sure whether it should be marked Technology Preview or not)
Expected results:
Release Notes to highlight that https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#efficient-selinux-volume-relabeling is available for ReadWriteOncePod and to cover in some pages how to use it when being application developer (what settings to apply in the Deployment)
Additional info:
This should support the effort tracked in https://access.redhat.com/solutions/6221251 but given it's now aligned with upstream, the information below in OpenShift Container Platform 4 - Documentation
- is related to
-
STOR-1173 Upstream Beta: SELinux relabeling using mount options (TP)
- Closed