New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] 1.5.4-rc2 exclude clusterRole from Policy broken #2964
Comments
Does it work if you nest the exclusion under an |
I dont know, we rolled back to 1.5.2 as that bug basically prevents usage of our clusters |
Looks like this didn't get fixed as initially reported in #2819. Exclusion of clusterRoles is now entirely broken, whether placed under |
Regression re prioritized for Kyverno 1.5.4. |
Which is already released :S |
1.6.0 |
@chipzoller @JimBugwadia considering this is quite a regression and we had to upgrade to 1.5.5 due other bugs in previous versions, would you consider cherry-picking this for a patch release in 1.5? I'm not sure how far away 1.6 is, but looks like there's still plenty of issues open on the 1.6 milestone. |
1.6 is within the next couple weeks. |
@dkulchinsky - the team is currently working on getting an 1.6 RC completed, in the next day or so. As Chip mentioned, getting the release completed may have a couple of weeks. The fix looks fairly localized, so should be OK to cherry-pick / merge to 1.5.x. Do you want to submit a PR? Otherwise, we can revisit after the RC. @realshuting - any additional thoughts? |
Thanks @JimBugwadia, just looked at the fix, indeed looks simple enough so happy to try a PR for 1.5, this is impacting us with several policies, so would be great to have patch release with this fix asap (we also can't go back to 1.5.2 because of other bugs there were fixed since than) |
@JimBugwadia @realshuting looking at cherry picking this for 1.5, but seems that it depends on a function ( |
Hi @dkulchinsky - yes it seems like that function will need to be back ported as well: kyverno/pkg/webhooks/common.go Line 156 in 5ad0d15
It looks fairly independent, so should not require pulling in anything additions. Let me know if you run into any issues with porting it. |
I think I managed to get it sorted @JimBugwadia /cc @realshuting |
Software version numbers
State the version numbers of applications involved in the bug.
Describe the bug
We have the following Policy that doesnt work after an upgrade from 1.5.2 to 1.5.4-rc2:
The exclusion for clusterAdmin doesnt apply anymore, thus creation of a namespace with those labels fails.
To Reproduce
Steps to reproduce the behavior:
Apply the policy
Try to create the NS as cluster-admin
Expected behavior
i am able to create the NS
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: