Uploaded image for project: 'Operator Runtime'
  1. Operator Runtime
  2. OPRUN-2600

Update OLM to address the security changes coming from PSA in 4.12

    XMLWordPrintable

Details

    • OLM + Pod Security Admission
    • False
    • None
    • False
    • Green
    • To Do
    • Impediment
    • 100
    • 100% 100%
    • 35
    • 0

    Description

      Epic Goal

      • Facilitate the transition to for OLM and content to PSA enforcing the `restricted` security profile
      • Use the label synch'er to enforce the required security profile
      • Current content should work out-of-the-box as is
      • Upgrades should not be blocked

      Why is this important?

      • PSA helps secure the cluster by enforcing certain security restrictions that the pod must meet to be scheduled
      • 4.12 will enforce the `restricted` profile, which will affect the deployment of operators in `openshift-*` namespaces¬†

      Scenarios

      1. Admin installs operator in an `openshift-*`namespace that is not managed by the label syncher -> label should be applied
      2. Admin installs operator in an `openshift-*` namespace that has a label asking the label syncher to not reconcile it -> nothing changes

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • Done only downstream
      • Transition documentation written and reviewed

      Dependencies (internal and external)

      1. label syncher (still searching for the link)

      Open questions::

      1. Is this only for openshift-* namespaces?

      Resources

      Stakeholders

      • Daniel S...?

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

      Attachments

        Issue Links

          Activity

            People

              anik120 Anik Bhattacharjee
              pegoncal@redhat.com Per Goncalves da Silva
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: