Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7267

[AUTH-262 epic story] [Enhancement] Modify the PSa pod extractor to mutate pod controller pod specs

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Blocker
    • 4.14.0
    • 4.11
    • apiserver-auth
    • None
    • Auth - Sprint 232, Auth - Sprint 233, Auth - Sprint 234
    • 3
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • When creating a pod controller (e.g. Deployment, StatefulSet), you should no longer get warning about pod security violations if the pod controller would create pods that don't violate pod security in that namespace.
    • Enhancement
    • Done

    Description

      Description of problem:

      When creating a pod controller (e.g. deployment) with pod spec that will be mutated by SCCs, the users might still get a warning about the pod not meeting given namespace pod security level.

      Version-Release number of selected component (if applicable):

      4.11

      How reproducible:

      100%

      Steps to Reproduce:

      1. create a namespace with restricted PSa warning level (the default)
      2. create a deployment with a pod with an empty security context
      

      Actual results:

      You get a warning about the deployment's pod not meeting the NS's pod security admission requirements.

      Expected results:

      No warning if the pod for the deployment would be properly mutated by SCCs in order to fulfill the NS's pod security requirements.

      Additional info:

      originally implemented as a part of https://issues.redhat.com/browse/AUTH-337

       

      Attachments

        Issue Links

          Activity

            People

              slaznick@redhat.com Stanislav Laznicka
              slaznick@redhat.com Stanislav Laznicka
              Giriyamma Karagere Ramaswamy Giriyamma Karagere Ramaswamy (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: