-
Bug
-
Resolution: Done
-
Undefined
-
None
-
4.19.0
This is a clone of issue OCPBUGS-54716. The following is the description of the original issue:
—
Description of problem:
Cluster compare tool reports that multiple templates still use security.openshift.io/MinimallySufficientPodSecurityStandard: privileged parameter
Version-Release number of selected component (if applicable):
4.19.0-ec.4
registry-proxy.engineering.redhat.com/rh-osbs/openshift4-ztp-site-generate:v4.19.0-44
How reproducible:
100%
Steps to Reproduce:
1. Deploy cluster
2. Run cluster compare
Actual results:
Differences found in CR: v1_Namespace_openshift-local-storage, Compared To Reference CR: optional/local-storage-operator/StorageNS.yaml
diff -u -N /tmp/MERGED-3395614370/v1_namespace_openshift-local-storage /tmp/LIVE-3436458708/v1_namespace_openshift-local-storage
--- /tmp/MERGED-3395614370/v1_namespace_openshift-local-storage 2025-03-31 20:07:37.473991790 -0400
+++ /tmp/LIVE-3436458708/v1_namespace_openshift-local-storage 2025-03-31 20:07:37.473991790 -0400
@@ -2,5 +2,6 @@
kind: Namespace
metadata:
annotations:
+ security.openshift.io/MinimallySufficientPodSecurityStandard: privileged
workload.openshift.io/allowed: management
name: openshift-local-storage
---
Differences found in CR: v1_Namespace_openshift-logging, Compared To Reference CR: required/cluster-logging/ClusterLogNS.yaml
diff -u -N /tmp/MERGED-964051070/v1_namespace_openshift-logging /tmp/LIVE-3583522758/v1_namespace_openshift-logging
--- /tmp/MERGED-964051070/v1_namespace_openshift-logging 2025-03-31 20:07:37.476991847 -0400
+++ /tmp/LIVE-3583522758/v1_namespace_openshift-logging 2025-03-31 20:07:37.476991847 -0400
@@ -2,6 +2,7 @@
kind: Namespace
metadata:
annotations:
+ security.openshift.io/MinimallySufficientPodSecurityStandard: privileged
workload.openshift.io/allowed: management
labels:
openshift.io/cluster-monitoring: "true"
---
Differences found in CR: v1_Namespace_openshift-ptp, Compared To Reference CR: required/ptp-operator/PtpSubscriptionNS.yaml
diff -u -N /tmp/MERGED-91811619/v1_namespace_openshift-ptp /tmp/LIVE-4089297496/v1_namespace_openshift-ptp
--- /tmp/MERGED-91811619/v1_namespace_openshift-ptp 2025-03-31 20:07:37.483991981 -0400
+++ /tmp/LIVE-4089297496/v1_namespace_openshift-ptp 2025-03-31 20:07:37.483991981 -0400
@@ -2,6 +2,7 @@
kind: Namespace
metadata:
annotations:
+ security.openshift.io/MinimallySufficientPodSecurityStandard: privileged
workload.openshift.io/allowed: management
labels:
openshift.io/cluster-monitoring: "true"
---
Differences found in CR: v1_Namespace_openshift-sriov-network-operator, Compared To Reference CR: required/sriov-operator/SriovSubscriptionNS.yaml
diff -u -N /tmp/MERGED-297422610/v1_namespace_openshift-sriov-network-operator /tmp/LIVE-3542747904/v1_namespace_openshift-sriov-network-operator
--- /tmp/MERGED-297422610/v1_namespace_openshift-sriov-network-operator 2025-03-31 20:07:37.486992039 -0400
+++ /tmp/LIVE-3542747904/v1_namespace_openshift-sriov-network-operator 2025-03-31 20:07:37.486992039 -0400
@@ -2,5 +2,6 @@
kind: Namespace
metadata:
annotations:
+ security.openshift.io/MinimallySufficientPodSecurityStandard: privileged
workload.openshift.io/allowed: management
name: openshift-sriov-network-operator
Expected results:
No deviation should be reported by either updating the template or reference
Additional info:
Original issue was discovered based on source-crs from openshift4-ztp-site-generate:v4.19.0-36, but openshift4-ztp-site-generate:v4.19.0-44 (latest at the time of opening) shows no changes to the mentioned templates
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- links to
- mentioned on
(5 mentioned on)