Bug 1823923 - Revert DefaultSecurityContextConstraints_Mutated
Summary: Revert DefaultSecurityContextConstraints_Mutated
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.3.z
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.4.z
Assignee: Abu Kashem
QA Contact: Xingxing Xia
URL:
Whiteboard:
Depends On:
Blocks: 1823921
TreeView+ depends on / blocked
 
Reported: 2020-04-14 19:35 UTC by Abu Kashem
Modified: 2020-04-17 02:00 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1823921
Environment:
Last Closed: 2020-04-17 02:00:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Abu Kashem 2020-04-14 19:35:43 UTC 
+++ This bug was initially created as a clone of Bug #1823921 +++

Description of problem:
In 4.3.8, if a default SCC is changed then upgrade uis blocked. For more you can see https://bugzilla.redhat.com/show_bug.cgi?id=1821905

Version-Release number of the following components:
OpenShift 4.3.8

How reproducible:

Steps to Reproduce:
1.Deploy 4.3.8 cluster
2. Try to upgrade to 4.3.9

Actual results:
'Unable to apply 4.3.9: it may not be safe to apply this update'


'Precondition "ClusterVersionUpgradeable" failed because of "DefaultSecurityContextConstraints_Mutated":
        Cluster operator kube-apiserver cannot be upgraded: DefaultSecurityContextConstraintsUpgradeable:
        Default SecurityContextConstraints object(s) have mutated [privileged]'


Expected results:
4.3.9 Cluster

We are going to remove the SCC controller that sets Upgradeable to False.
Comment 1 Abu Kashem 2020-04-14 19:40:08 UTC 
Not relevant to 4.4, closing it.
Comment 3 Xingxing Xia 2020-04-17 02:00:39 UTC 
Due to comment 1, updating bug field accordingly. If incorrect, please let me know, thanks.
Note You need to log in before you can comment on or make changes to this bug.