restricted-v2 Security Context Constraints not properly applied after upgrade to OpenShift Container Platform 4.11

Solution Verified

Issue

  • During or after the upgrade from OpenShift 4.10 to 4.11, problematic behavior was noticed with the switch from the restricted to the restricted-v2 SCC policy. There seems to be an edge case where, although a User/ServiceAccount has permission to access both policies, neither of them seems to be applicable to a given pod. This prevents all changes to the pod (including metadata) until the pod has been restarted.
  • The migration from the restricted to the restricted-v2 SCC is not working as expected, causing problems for specific workloads such as AMQ Streams.

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4.11
