- Bug
- Resolution: Done-Errata
- Critical
- 4.11
- None
- None
- Auth - Sprint 232, Auth - Sprint 233, Auth - Sprint 234
- 3
- Rejected
- False
- When creating a pod controller (e.g. Deployment, StatefulSet), you should no longer get a warning about pod security violations if the pod controller would create pods that don't violate pod security in that namespace.
- Enhancement
- Done
Description of problem:
When creating a pod controller (e.g. deployment) with a pod spec that will be mutated by SCCs, users might still get a warning about the pod not meeting the given namespace pod security level.
Version-Release number of selected component (if applicable):
4.11
How reproducible:
100%
Steps to Reproduce:
1. Create a namespace with restricted PSa warning level (the default)
2. Create a deployment with a pod with an empty security context
Actual results:
You get a warning about the deployment's pod not meeting the NS's pod security admission requirements.
Expected results:
No warning if the pod for the deployment would be properly mutated by SCCs in order to fulfill the NS's pod security requirements.
Additional info:
Originally implemented as part of https://issues.redhat.com/browse/AUTH-337
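
The reproduction steps above written out as manifests. This is an added example, not part of the original report; the namespace name, deployment name and image are hypothetical placeholders, and the warn label is set explicitly rather than relying on the default.

```yaml
# Constructed reproduction manifests; names and image are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: psa-warn-demo              # hypothetical name
  labels:
    # Step 1: pod security admission warns at the "restricted" level
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: empty-sc                   # hypothetical name
  namespace: psa-warn-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: empty-sc
  template:
    metadata:
      labels:
        app: empty-sc
    spec:
      # Step 2: empty pod-level security context
      securityContext: {}
      containers:
      - name: app
        image: registry.example.com/demo/app:latest   # placeholder image
        # Nothing set here either; the report expects SCC admission to
        # mutate the created pods so they satisfy the namespace's level.
        securityContext: {}
```

Applying both documents with `oc apply -f` exercises the case in the report: the warning is evaluated against the Deployment's pod template as written, before any SCC mutation of the pods it creates.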
- blocks
  - OCPBUGS-7268 [4.13] Modify the PSa pod extractor to mutate pod controller pod specs (Closed)
- is cloned by
  - OCPBUGS-7268 [4.13] Modify the PSa pod extractor to mutate pod controller pod specs (Closed)
- is duplicated by
  - OCPBUGS-8697 pod-security.kubernetes.io/audit-violations Events reported for OpenShift Pipelines even though the pods are all correctly configured (Closed)
- relates to
  - AUTH-337 Modify the PSa pod extractor to mutate pod controller pod specs (Closed)
- links to
  - RHEA-2023:5006 rpm