-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.11
-
None
-
None
-
Auth - Sprint 232, Auth - Sprint 233, Auth - Sprint 234
-
3
-
Rejected
-
False
-
-
When creating a pod controller (e.g. Deployment, StatefulSet), you should no longer get warning about pod security violations if the pod controller would create pods that don't violate pod security in that namespace.
-
Enhancement
-
Done
Description of problem:
When creating a pod controller (e.g. deployment) with pod spec that will be mutated by SCCs, the users might still get a warning about the pod not meeting given namespace pod security level.
Version-Release number of selected component (if applicable):
4.11
How reproducible:
100%
Steps to Reproduce:
1. create a namespace with restricted PSa warning level (the default) 2. create a deployment with a pod with an empty security context
Actual results:
You get a warning about the deployment's pod not meeting the NS's pod security admission requirements.
Expected results:
No warning if the pod for the deployment would be properly mutated by SCCs in order to fulfill the NS's pod security requirements.
Additional info:
originally implemented as a part of https://issues.redhat.com/browse/AUTH-337
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- relates to
-
AUTH-337 Modify the PSa pod extractor to mutate pod controller pod specs
-
- Closed
-
- links to
-
RHEA-2023:5006
rpm