Bug 1821447 - If Upgradeable is False due to default SCC mutation, we should provide better messaging to resolve the issue
Summary: If Upgradeable is False due to default SCC mutation, we should provide better...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Abu Kashem
QA Contact: Ke Wang
Depends On: 1818893
Blocks: 1821448
TreeView+ depends on / blocked
Reported: 2020-04-06 20:11 UTC by Abu Kashem
Modified: 2020-05-04 11:49 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1818893
: 1821448 (view as bug list)
Last Closed: 2020-05-04 11:48:34 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1808602 0 high CLOSED kube-apiserver operator should go upgradeable=false if SCC has changed 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:49:00 UTC

Comment 1 Abu Kashem 2020-04-06 20:25:20 UTC
This is not an issue in 4.4, since CVO manages the default SCC. It's not reproducible in 4.4, but qe can mutate any default SCC and validate 
- this bug is not present, no DefaultSecurityContextConstraints_Mutated in `Upgradeable` condition.
- CVO will stomp the changes made to the default SCC.

Comment 4 Stefan Schimanski 2020-04-09 11:37:58 UTC
Nothing to check here for QE. Moving to VERIFIED.

Comment 6 errata-xmlrpc 2020-05-04 11:48:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.