Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-8709

don't enforce PSa in 4.13

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • None
    • 4.13.0
    • apiserver-auth
    • None
    • Critical
    • No
    • Proposed
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      We shouldn't enforce PSa in 4.13, neither by label sync, neither by global cluster config.

      Version-Release number of selected component (if applicable):

      4.13

      How reproducible:

      100%

      Steps to Reproduce:

      As a cluster admin:
1. create two new namespaces/projects: pokus, openshift-pokus
2. as a cluster-admin, attempt to create a privileged pod in both the namespaces from 1.

      Actual results:

      pod creation is blocked by pod security admission

      Expected results:

      only a warning about pod violating the namespace pod security level should be emitted

      Additional info:

      This is currently a noop for 4.14

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-8710 [4.13] don't enforce PSa in 4.13

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-8710 [4.13] don't enforce PSa in 4.13

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              slaznick@redhat.com Stanislav Laznicka
              slaznick@redhat.com Stanislav Laznicka
              Xingxing Xia Xingxing Xia
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: