-
Bug
-
Resolution: Done
-
Critical
-
None
-
4.12.0
-
None
-
Critical
-
None
-
2
-
CMP Sprint 57, CMP Sprint 58
-
2
-
Proposed
-
False
-
Description of problem:
When using a profilerecorder with mergeStrategy=containers, we expect the number of merged policies to be equal to the number of containers in the recorded app. That was not the case, though, and SPO always created one per-pod policy.
Version-Release number of selected component (if applicable):
0.5.0 and later
How reproducible:
always
Steps to Reproduce:
1. create a profileRecording with mergeStrategy=containers like this one:

    apiVersion: security-profiles-operator.x-k8s.io/v1alpha1
    kind: ProfileRecording
    metadata:
      name: test-recording
      namespace: mytest
    spec:
      kind: SelinuxProfile
      recorder: logs
      mergeStrategy: containers
      podSelector:
        matchLabels:
          app: hello-openshift

2. create a deployment

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: hello-openshift
      namespace: mytest
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: hello-openshift
      template:
        metadata:
          labels:
            app: hello-openshift
        spec:
          serviceAccountName: spo-record-sa
          initContainers:
          - name: wait
            image: quay.io/openshifttest/centos:centos7
            command: ["/bin/sh", "-c", "env"]
          containers:
          - name: hello-openshift
            image: quay.io/openshifttest/hello-openshift:multiarch
            ports:
            - containerPort: 8080
            readinessProbe:
              tcpSocket:
                port: 8080
              initialDelaySeconds: 5
              periodSeconds: 5
          - name: hello-openshift2
            image: quay.io/openshifttest/hello-openshift:multiarch-fedora
            ports:
            - containerPort: 8081
            readinessProbe:
              tcpSocket:
                port: 8081
              initialDelaySeconds: 5
              periodSeconds: 5

3. wait until the deployment is ready, then delete the deployment, then delete the recording
Actual results:
one policy is merged called test-recording-hello-openshift
Expected results:
two policies are merged called test-recording-hello-openshift and test-recording-hello-openshift2
Additional info: