Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7268

[4.13] Modify the PSa pod extractor to mutate pod controller pod specs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 4.13.0
    • 4.11
    • apiserver-auth
    • None
    • None
    • Auth - Sprint 232, Auth - Sprint 233, Auth - Sprint 234, Auth - Sprint 235
    • 4
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      When creating a pod controller (e.g. deployment) with pod spec that will be mutated by SCCs, the users might still get a warning about the pod not meeting given namespace pod security level.

      Version-Release number of selected component (if applicable):

      4.11

      How reproducible:

      100%

      Steps to Reproduce:

      1. create a namespace with restricted PSa warning level (the default)
2. create a deployment with a pod with an empty security context

      Actual results:

      You get a warning about the deployment's pod not meeting the NS's pod security admission requirements.

      Expected results:

      No warning if the pod for the deployment would be properly mutated by SCCs in order to fulfill the NS's pod security requirements.

      Additional info:

      originally implemented as a part of https://issues.redhat.com/browse/AUTH-337

       

              slaznick@redhat.com Stanislav Láznička (Inactive)
              slaznick@redhat.com Stanislav Láznička (Inactive)
              Giriyamma Karagere Ramaswamy Giriyamma Karagere Ramaswamy (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: