Bug 1821448

Summary: If Upgradeable is False due to default SCC mutation, we should provide better messaging to resolve the issue
Product: OpenShift Container Platform Reporter: Abu Kashem <akashem>
Component: kube-apiserver Assignee: Abu Kashem <akashem>
Status: CLOSED NOTABUG QA Contact: Ke Wang <kewang>
Severity: high Docs Contact:
Priority: high    
Version: 4.3.0 CC: aos-bugs, jkaur, mfojtik, nagrawal, sttts, xxia
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1821447 Environment:
Last Closed: 2020-04-15 21:35:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1821447    
Bug Blocks:    

Comment 1 Abu Kashem 2020-04-15 21:35:55 UTC
As an FYI, we are going to make some changes:
- OpenShift 4.3: Revert DefaultSecurityContextConstraints_Mutated in 4.3. We have a PR open for this - https://github.com/openshift/cluster-kube-apiserver-operator/pull/830. It will go into 4.3.z.

- OpenShift 4.4: Mark the CVO manifests for the default SCCs as `create-only`. CVO will create/recreate if any default SCCs are deleted but will tolerate changes made to any default SCC.
https://github.com/openshift/cluster-kube-apiserver-operator/pull/831 (will be backported to 4.4)

So closing this BZ