-
Bug
-
Resolution: Done
-
Undefined
-
4.15.z, 4.17.0, 4.16.z, 4.18.z
-
None
-
No
-
False
-
-
Release Note Not Required
-
In Progress
As per https://issues.redhat.com/browse/OCPBUGS-34795?focusedId=24899358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24899358 , oauth-openshift pods should be pinned to "node-exporter" instead of "privileged". Because we should follow a principle that: grant necessary but least privilege instead of granting the most privileged privilege.
4.17 ~ 4.15 all need reduce the pinning to "node-exporter".
Backport of AUTH-482
- clones
-
OCPBUGS-39114 [4.16.z] SCC pinning for all workloads in platform namespaces (openshift-authentication too privileged)
- Closed