Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-35369

[4.16][HyperShift] don't enforce PSa in 4.16

XMLWordPrintable

    • Critical
    • No
    • Hypershift Sprint 255
    • 1
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

      This is a clone of issue OCPBUGS-35252. The following is the description of the original issue:

      Clone of original bug to ensure the change is made in HyperShift

       

      Description of problem:

      We shouldn't enforce PSa in 4.16, neither by label sync, neither by global cluster config.

      Version-Release number of selected component (if applicable):

      4.16

      How reproducible:

      100%

      Steps to Reproduce:

      As a cluster admin:
1. create two new namespaces/projects: pokus, openshift-pokus
2. as a cluster-admin, attempt to create a privileged pod in both the namespaces from 1.

      Actual results:

      pod creation is blocked by pod security admission

      Expected results:

      only a warning about pod violating the namespace pod security level should be emitted

      Additional info:

       

            skuznets@redhat.com Steve Kuznetsov
            openshift-crt-jira-prow OpenShift Prow Bot
            Jie Zhao Jie Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: