OpenShift Request For Enhancement: RFE-5308

To provide useful information in PodSecurityViolation Alert


    • Feature Request
    • Resolution: Done
    • Normal
    • openshift-4.15
    • User Interface

      1. Proposed title of this feature request
      To provide useful information in PodSecurityViolation Alert
       
      2. What is the nature and description of the request?
      When enabling PodSecurity auditing across namespaces, the alert that OpenShift provides does not give useful information as to which workload is affected.
      The response of "was created somewhere in the cluster" is not useful.

      3. Why does the customer need this? (List the business requirements here)
      Official documentation points to running an audit must-gather:
      https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#security-context-constraints-psa-alert-eval_understanding-and-managing-pod-security-admission

      But that requires elevated privileges.
      As a cluster-reader, one should be able to easily identify affected namespaces (and workloads) from the cluster, in the GUI or via the oc CLI.

      4. List any affected packages or components.

            atelang@redhat.com Anjali Telang
            rhn-support-aprajapa Ashish Prajapati