Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.18
Component/s: apiserver-auth
Labels:
- UpdateRecommendationsBlocked
- UpgradeBlocker

Severity:
Critical
Regression:
No
Release Blocker:
Approved
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.18

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue ~~OCPBUGS-26466~~ but the description is modified for 4.18.
—

Description of problem:

We shouldn't enforce PSa in 4.18, neither by label sync, neither by global cluster config.

Version-Release number of selected component (if applicable):

4.18

How reproducible:

100%

Steps to Reproduce:

As a cluster admin:
1. create two new namespaces/projects: pokus, openshift-pokus
2. as a cluster-admin, attempt to create a privileged pod in both the namespaces from 1.

Actual results:

pod creation is blocked by pod security admission

Expected results:

only a warning about pod violating the namespace pod security level should be emitted

Additional info:

clones

OCPBUGS-26466 [4.16] don't enforce PSa in 4.16

Closed

depends on

OCPBUGS-45916 [4.19] Maybe enforce PSa

Closed

is depended on by

OCPBUGS-45600 HyperShift should enforce privileged PSA by default in 4.18

is triggering

OCPBUGS-45600 HyperShift should enforce privileged PSA by default in 4.18

links to

openshift/api#2120: OCPBUGS-45309: disable pod security admission by default in 4.18

Assignee:: Bryce Palmer

Reporter:: Xingxing Xia

QA Contact:: Xingxing Xia

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/12/03 9:29 AM

Updated:: 2024/12/13 3:56 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates