restricted-v2 Security Context Constraints not properly applied after upgrade to OpenShift Container Platform 4.11
Issue
- During or after the upgrade from OpenShift 4.10 to 4.11, problematic behavior was noticed in the switch from the restricted to the restricted-v2 SCC policy. There seems to be an edge case where, although a User/ServiceAccount has permission to access both, neither of the two policies seems to be applicable to a given pod, preventing all changes to the pod (including metadata) until the pod has been restarted.
- Migration from the restricted to the restricted-v2 SCC is not working as expected, causing problems for specific workloads such as AMQ Streams.
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4.11