Back to bug 2110628
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Bukatovic | 2022-07-25 17:53:22 UTC | Version | 4.10 | 4.11 |
| Martin Bukatovic | 2022-07-25 17:58:05 UTC | Summary | PodSecurityViolation starts to file when ODF operator is installed | PodSecurityViolation starts to fire when ODF operator is installed |
| Martin Bukatovic | 2022-07-25 17:58:16 UTC | Summary | PodSecurityViolation starts to fire when ODF operator is installed | PodSecurityViolation alert starts to fire when ODF operator is installed |
| Martin Bukatovic | 2022-07-25 18:13:56 UTC | Severity | unspecified | high |
| Madhu Rajanna | 2022-07-26 06:20:07 UTC | CC | mrajanna, owasserm | |
| | | Flags | needinfo?(owasserm) | |
| Mudit Agarwal | 2022-07-26 07:28:54 UTC | Flags | needinfo?(ebenahar) needinfo?(etamir) | |
| | | CC | ebenahar, etamir, muagarwa | |
| Orit Wasserman | 2022-07-26 09:10:19 UTC | Flags | needinfo?(owasserm) | |
| Elad | 2022-07-26 12:34:16 UTC | Flags | needinfo?(ebenahar) | |
| Mudit Agarwal | 2022-07-26 15:12:03 UTC | Flags | needinfo?(etamir) | needinfo?(jrivera) needinfo?(mrajanna) |
| | | Blocks | 2094357 | |
| | | CC | jrivera | |
| | | Doc Type | If docs needed, set a value | Known Issue |
| Madhu Rajanna | 2022-07-27 09:18:01 UTC | Flags | needinfo?(mrajanna) | |
| Madhu Rajanna | 2022-08-16 05:26:07 UTC | Doc Text | Cause: Openshift introduced Pod Security Admission to secure the cluster by enforcing certain security restrictions that the pod must meet to be scheduled. Openishhit 4.11 will have audit/warn events with enforcing privileged (same as 4.10) Consequence/Result: The openshift-storage namespace dont have the enforcement labels required for Pod Security Admission. Because of this, we will see warnings in events. | |
| | | Flags | needinfo?(owasserm) | |
| Orit Wasserman | 2022-08-16 12:56:05 UTC | Doc Text | Cause: Openshift introduced Pod Security Admission to secure the cluster by enforcing certain security restrictions that the pod must meet to be scheduled. Openishhit 4.11 will have audit/warn events with enforcing privileged (same as 4.10) Consequence/Result: The openshift-storage namespace dont have the enforcement labels required for Pod Security Admission. Because of this, we will see warnings in events. | Cause: OpenShift introduced Pod Security Admission to enforce security restrictions on Pods when scheduled. OpenShift 4.11 will have audit/warn events with enforcing privileged (same as 4.10) Consequence/Result: The openshift-storage namespace doesn't have the required enforcement labels for Pod Security Admission, as result we will see warnings in events. |
| | | Flags | needinfo?(owasserm) | |
| Olive Lakra | 2022-08-19 06:02:38 UTC | CC | olakra | |
| | | Doc Text | Cause: OpenShift introduced Pod Security Admission to enforce security restrictions on Pods when scheduled. OpenShift 4.11 will have audit/warn events with enforcing privileged (same as 4.10) Consequence/Result: The openshift-storage namespace doesn't have the required enforcement labels for Pod Security Admission, as result we will see warnings in events. | .Pod security violation alert starts to fire when OpenShift Data Foundation operator is installed OpenShift introduced Pod Security Admission to enforce security restrictions on Pods when scheduled such that OpenShift 4.11 has an audit and warn events with enforcing privileged (same as 4.10). As a result, you will see warnings in events since the `openshift-storage` namespace doesn't have the required enforcement labels for Pod Security Admission. |
| Olive Lakra | 2022-08-23 06:34:36 UTC | Doc Text | .Pod security violation alert starts to fire when OpenShift Data Foundation operator is installed OpenShift introduced Pod Security Admission to enforce security restrictions on Pods when scheduled such that OpenShift 4.11 has an audit and warn events with enforcing privileged (same as 4.10). As a result, you will see warnings in events since the `openshift-storage` namespace doesn't have the required enforcement labels for Pod Security Admission. | .Pod security violation alert starts to fire when the OpenShift Data Foundation operator is installed OpenShift introduced Pod Security Admission to enforce security restrictions on Pods when scheduled such that OpenShift 4.11 has an audit and warn events with enforcing privileged (same as 4.10). As a result, you will see warnings in events since the `openshift-storage` namespace doesn't have the required enforcement labels for Pod Security Admission. |
| Martin Bukatovic | 2022-08-31 12:45:01 UTC | Group | redhat | |
| Malay Kumar parida | 2022-09-17 16:36:57 UTC | Assignee | jrivera | mparida |
| | | CC | mparida | |
| Mudit Agarwal | 2022-09-29 03:27:46 UTC | Doc Type | Known Issue | Bug Fix |
| | | Status | NEW | ASSIGNED |
| | | Doc Text | .Pod security violation alert starts to fire when the OpenShift Data Foundation operator is installed OpenShift introduced Pod Security Admission to enforce security restrictions on Pods when scheduled such that OpenShift 4.11 has an audit and warn events with enforcing privileged (same as 4.10). As a result, you will see warnings in events since the `openshift-storage` namespace doesn't have the required enforcement labels for Pod Security Admission. | |
| RHEL Program Management | 2022-09-29 03:27:55 UTC | Target Release | --- | ODF 4.12.0 |
| Mudit Agarwal | 2022-09-29 03:28:39 UTC | Blocks | 2130742 | |
| Mudit Agarwal | 2022-09-29 03:29:46 UTC | Flags | needinfo?(jrivera) | |
| Mudit Agarwal | 2022-10-26 05:15:41 UTC | Status | ASSIGNED | ON_QA |
| | | Fixed In Version | 4.12.0-80 | |
| Martin Bukatovic | 2022-10-27 19:11:38 UTC | Status | ON_QA | VERIFIED |
| Sunil Kumar Acharya | 2022-12-08 12:55:57 UTC | Flags | needinfo?(mparida) | |
| Malay Kumar parida | 2022-12-08 13:36:21 UTC | Flags | needinfo?(mparida) | |
| | | Doc Text | Cause: OCP 4.11 introduced new POD Security Admission standards which will give warnings on running of privileged pods. And ODF operator deployment uses a few pods which needed privileged access. Consequence: After the ODF operator was deployed Pod Security Violation alert started firing. Fix: OLM now automatically labels the Namespace which is prefixed by openshift-* for relevant Pod security Admission standards. Result: There is no longer a Pod Security Violation Alert when the ODF operator is installed. | |
| Red Hat Bugzilla | 2022-12-31 19:35:14 UTC | Assignee | mparida | muagarwa |
| | | CC | mparida | |
| Red Hat Bugzilla | 2022-12-31 20:00:22 UTC | CC | olakra | |
| Red Hat Bugzilla | 2022-12-31 22:33:43 UTC | CC | owasserm | |
| Red Hat Bugzilla | 2022-12-31 22:37:31 UTC | CC | ebenahar | |
| Red Hat Bugzilla | 2023-01-01 08:43:10 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 04:46:40 UTC | Assignee | muagarwa | mparida |
| Alasdair Kergon | 2023-01-04 05:17:49 UTC | CC | mparida | |
| Alasdair Kergon | 2023-01-04 05:25:54 UTC | CC | olakra | |
| Alasdair Kergon | 2023-01-04 05:26:53 UTC | CC | owasserm | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:41:59 UTC | CC | ebenahar | |
| Red Hat Bugzilla | 2023-01-16 08:27:26 UTC | CC | jrivera | |
| Erin Donnelly | 2023-01-27 20:33:50 UTC | Doc Text | Cause: OCP 4.11 introduced new POD Security Admission standards which will give warnings on running of privileged pods. And ODF operator deployment uses a few pods which needed privileged access. Consequence: After the ODF operator was deployed Pod Security Violation alert started firing. Fix: OLM now automatically labels the Namespace which is prefixed by openshift-* for relevant Pod security Admission standards. Result: There is no longer a Pod Security Violation Alert when the ODF operator is installed. | . There is no longer a Pod Security Violation Alert when the ODF operator is installed {ProductShortName} version 4.11 introduced new POD Security Admission standards which give warnings on running of privileged pods. The ODF operator deployment uses a few pods which needed privileged access. Because of this, after the ODF operator was deployed, a Pod Security Violation alert started firing. With this release, OLM now automatically labels the Namespace, which is prefixed by `openshift-*`, for relevant Pod security Admission standards. |
| | | CC | edonnell | |
| Red Hat Bugzilla | 2023-01-31 22:28:00 UTC | CC | etamir | |
| Red Hat Bugzilla | 2023-01-31 23:37:35 UTC | CC | madam | |
| Rejy M Cyriac | 2023-02-08 14:06:28 UTC | Resolution | --- | CURRENTRELEASE |
| | | Status | VERIFIED | CLOSED |
| | | Last Closed | 2023-02-08 14:06:28 UTC | |
| Aman Agrawal | 2023-04-04 17:35:14 UTC | CC | amagrawa | |
| | | Flags | needinfo?(mparida) | |
| Malay Kumar parida | 2023-04-05 06:22:35 UTC | Flags | needinfo?(mparida) | |
| Elad | 2023-08-09 17:00:43 UTC | CC | odf-bz-bot | |