- Bug
- Resolution: Done-Errata
- Critical
- 4.19
- Critical
- Yes
- Approved
- False
- Release Note Not Required
- In Progress
Description of problem:
PSA is enabled in 4.19
Version-Release number of selected component (if applicable):
4.19.0-rc
How reproducible:
Always
Steps to Reproduce:
1. Create a namespace
2. pod-security.kubernetes.io/enforce is being set

and

1. Run: oc -n openshift-kube-apiserver get cm config -ojson | jq .data | rg config | awk '{ print $2 }' | sed 's/\\//g' | sed 's/"$//g' | sed 's/^"//g' | jq '.admission.pluginConfig.PodSecurity.configuration.defaults'
Actual results:
pod-security.kubernetes.io/enforce is being set
and
{ "audit": "restricted", "audit-version": "latest", "enforce": "restricted", "enforce-version": "latest", "warn": "restricted", "warn-version": "latest" }
Expected results:
pod-security.kubernetes.io/enforce should not be set
or
{ "audit": "restricted", "audit-version": "latest", "enforce": "privileged", "enforce-version": "latest", "warn": "restricted", "warn-version": "latest" }
Additional info:
We need to disable the feature flag.
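An added example, not part of the original report: a Python check that does what the grep/awk/sed pipeline in the steps to reproduce does, by parsing the JSON string embedded in the ConfigMap and comparing the PodSecurity defaults with the expected results above. The function names and the sample ConfigMap (including its `config.yaml` data key) are constructed for illustration; on a cluster, the input would be the output of `oc -n openshift-kube-apiserver get cm config -ojson`.

```python
import json

# Expected 4.19 defaults, copied from "Expected results" in this report.
EXPECTED = {"audit": "restricted", "audit-version": "latest",
            "enforce": "privileged", "enforce-version": "latest",
            "warn": "restricted", "warn-version": "latest"}
PATH = ("admission", "pluginConfig", "PodSecurity", "configuration", "defaults")

def podsecurity_defaults(configmap_json):
    """Return the PodSecurity admission defaults embedded in the ConfigMap, or None."""
    data = json.loads(configmap_json).get("data", {})
    for value in data.values():
        try:
            node = json.loads(value)  # the apiserver config is JSON stored as a string
        except (TypeError, ValueError):
            continue  # this data entry is not a JSON document
        for key in PATH:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict):
            return node
    return None

def deviations(defaults, expected=EXPECTED):
    """Map each setting that differs from `expected` to (actual, expected)."""
    defaults = defaults or {}
    return {k: (defaults.get(k), v) for k, v in expected.items()
            if defaults.get(k) != v}

def sample_configmap(enforce):
    """Constructed ConfigMap JSON; the data key name is an assumption."""
    inner = {"admission": {"pluginConfig": {"PodSecurity": {"configuration": {
        "defaults": dict(EXPECTED, enforce=enforce)}}}}}
    return json.dumps({"data": {"config.yaml": json.dumps(inner)}})

if __name__ == "__main__":
    for level in ("restricted", "privileged"):
        found = podsecurity_defaults(sample_configmap(level))
        print(level, "->", deviations(found) or "matches expected defaults")
```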
- depends on
  - OCPBUGS-56778 Disable PSA for placeholder for next release - New
- is cloned by
  - OCPBUGS-56778 Disable PSA for placeholder for next release - New
  - OCPBUGS-56777 Don't enforce restricted PSA for 4.19 hosted cluster - Closed
- links to
  - RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update