Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: 4.20.0
Affects Version/s: 4.20
Component/s: HyperShift
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:

4.20
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Several manual PRs have been done in different releases to change the PodSecurityConfiguration, e.g.
https://github.com/openshift/hypershift/pull/6201/files#diff-3157786f251d6717e0b177770ccf2efff8cf235eeec0f43bca7d5488e543af28R119

Standalone renders this depending on the gate status https://github.com/openshift/cluster-kube-apiserver-operator/blob/main/pkg/operator/configobservation/auth/podsecurityadmission.go#L67-L71
HCP should implement the same behaviour.

This is specially true since 4.19 hcp renders gates on the fly via CCO.

is caused by

OCPBUGS-56777 Don't enforce restricted PSA for 4.19 hosted cluster

Closed

links to

openshift/hypershift#6213: OCPBUGS-56814: Kas config render from gate

Assignee:: Unassigned

Reporter:: Alberto Garcia Lamela

Need Info From:: None

Contributors:: None

QA Contact:: XiuJuan Wang

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/05/28 4:03 PM

Updated:: 2025/09/19 6:04 PM