Bug 1823923

Summary: Revert DefaultSecurityContextConstraints_Mutated
Product: OpenShift Container Platform Reporter: Abu Kashem <akashem>
Component: kube-apiserverAssignee: Abu Kashem <akashem>
Status: CLOSED NOTABUG QA Contact: Xingxing Xia <xxia>
Severity: high Docs Contact:
Priority: high    
Version: 4.3.zCC: aos-bugs, mfojtik, xxia
Target Milestone: ---   
Target Release: 4.4.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1823921 Environment:
Last Closed: 2020-04-17 02:00:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1823921    

Description Abu Kashem 2020-04-14 19:35:43 UTC 
+++ This bug was initially created as a clone of Bug #1823921 +++

Description of problem:
In 4.3.8, if a default SCC is changed then upgrade uis blocked. For more you can see https://bugzilla.redhat.com/show_bug.cgi?id=1821905

Version-Release number of the following components:
OpenShift 4.3.8

How reproducible:

Steps to Reproduce:
1.Deploy 4.3.8 cluster
2. Try to upgrade to 4.3.9

Actual results:
'Unable to apply 4.3.9: it may not be safe to apply this update'


'Precondition "ClusterVersionUpgradeable" failed because of "DefaultSecurityContextConstraints_Mutated":
        Cluster operator kube-apiserver cannot be upgraded: DefaultSecurityContextConstraintsUpgradeable:
        Default SecurityContextConstraints object(s) have mutated [privileged]'


Expected results:
4.3.9 Cluster

We are going to remove the SCC controller that sets Upgradeable to False.
Comment 1 Abu Kashem 2020-04-14 19:40:08 UTC 
Not relevant to 4.4, closing it.
Comment 3 Xingxing Xia 2020-04-17 02:00:39 UTC 
Due to comment 1, updating bug field accordingly. If incorrect, please let me know, thanks.