Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Undefined
Fix Version/s: 4.18.z
Affects Version/s: 4.15.z, 4.17.0, 4.16.z, 4.18.z
Component/s: apiserver-auth
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.18.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

As per https://issues.redhat.com/browse/OCPBUGS-34795?focusedId=24899358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24899358 , oauth-openshift pods should be pinned to "node-exporter" instead of "privileged". Because we should follow a principle that: grant necessary but least privilege instead of granting the most privileged privilege.

4.17 ~ 4.15 all need reduce the pinning to "node-exporter".

Backport of AUTH-482

clones

OCPBUGS-34795 [4.15.z] SCC pinning for all workloads in platform namespaces

Closed

is cloned by

OCPBUGS-39113 [4.15.z] SCC pinning for all workloads in platform namespaces (openshift-authentication too privileged)

Closed

Assignee:: Anya Kramar

Reporter:: Xingxing Xia

QA Contact:: Xingxing Xia

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/06/26 7:06 AM

Updated:: 2024/08/30 8:53 AM

Resolved:: 2024/08/29 2:53 PM