1574773 – Project admin could create daemonsets in its namespace

Bug 1574773 - Project admin could create daemonsets in its namespace

Summary: Project admin could create daemonsets in its namespace

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	apiserver-auth
Sub Component:
Version:	3.9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	3.9.z
Assignee:	Simo Sorce
QA Contact:	Chuan Yu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1501514 1571093
TreeView+	depends on / blocked

Reported:	2018-05-04 02:33 UTC by Chuan Yu
Modified:	2018-05-04 12:44 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1536304
Environment:
Last Closed:	2018-05-04 12:44:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Chuan Yu 2018-05-04 02:37:13 UTC

This issue happen again.
# openshift version
openshift v3.9.27
kubernetes v1.9.1+a0ce1bc657

Comment 2 Mo 2018-05-04 12:44:29 UTC

Per David Eads in https://bugzilla.redhat.com/show_bug.cgi?id=1555363#c5:

> https://github.com/openshift/ose/pull/1205 merged, so the controller doesn't
> create pods it knows will be rejected.  "fixing" the default role to
> disallow the creation of a daemonset was a bug.

The change is merged as of v3.9.26-1

This readds the deamonset permission as it is safe for normal users to have.  Thus this is the expected behavior.

Note You need to log in before you can comment on or make changes to this bug.