OpenShift Bugs / OCPBUGS-36199

[4.15.z] SCC pinning for all workloads in platform namespaces (openshift-authentication too privileged)

    • Bug
    • Resolution: Unresolved
    • Undefined
    • 4.15.z
    • 4.15.z, 4.17.0, 4.16.z
    • apiserver-auth
    • None
    • No
    • False
    • Release Note Not Required
    • In Progress

      As per https://issues.redhat.com/browse/OCPBUGS-34795?focusedId=24899358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24899358, oauth-openshift pods should be pinned to "node-exporter" instead of "privileged", because we should follow the principle of granting the necessary but least privilege instead of granting the most privileged one.

      4.17 through 4.15 all need to reduce the pinning to "node-exporter".

      Backport of AUTH-482

            rh-ee-irinis Ilias Rinis
            xxia-1 Xingxing Xia
            Xingxing Xia Xingxing Xia