Bug 1821448 - If Upgradeable is False due to default SCC mutation, we should provide better messaging to resolve the issue
Summary: If Upgradeable is False due to default SCC mutation, we should provide better...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.3.z
Assignee: Abu Kashem
QA Contact: Ke Wang
Depends On: 1821447
TreeView+ depends on / blocked
Reported: 2020-04-06 20:19 UTC by Abu Kashem
Modified: 2020-04-15 21:35 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1821447
Last Closed: 2020-04-15 21:35:55 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-apiserver-operator pull 822 0 None closed Bug 1821448: Provide better messaging when Upgradeable is False 2020-07-27 13:09:08 UTC
Red Hat Bugzilla 1808602 0 high CLOSED kube-apiserver operator should go upgradeable=false if SCC has changed 2021-02-22 00:41:40 UTC

Comment 1 Abu Kashem 2020-04-15 21:35:55 UTC
As an FYI, we are going to make some changes:
- OpenShift 4.3: Revert DefaultSecurityContextConstraints_Mutated in 4.3. We have a PR open for this - https://github.com/openshift/cluster-kube-apiserver-operator/pull/830. It will go into 4.3.z.

- OpenShift 4.4: Mark the CVO manifests for the default SCCs as `create-only`. CVO will create/recreate if any default SCCs are deleted but will tolerate changed made to any default SCC. 
https://github.com/openshift/cluster-kube-apiserver-operator/pull/831 (will be back ported to 4.4)

So closing this BZ

Note You need to log in before you can comment on or make changes to this bug.