[BUG] Built-in PSACT rancher-restricted
is not updated to the new version after Rancher is upgraded
#43150
Labels
area/psa
Pod Security Admission related issues
kind/bug
Issues that are defects reported by users or that we know have reached a real release
QA/S
release-note
Note this issue in the milestone's release notes
security-required
status/release-note-added
team/hostbusters
The team that is responsible for provisioning/managing downstream clusters + K8s version support
Waiting for RC
Waiting for an RC before this ticket can move.
[zube]: Blocked
Milestone
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
In Rancher v2.7.7, Two new entries,
cattle-provisioning-capi-system
andcattle-fleet-local-system
, are added to theexemptions.namespaces
list in the built-in PodSecurityAdmissionConfigurationTemplates (PSACTs)rancher-restricted
. (PR)However, Rancher lacks the ability to update the existing PSACT,
rancher-restricted
in this case, so when we upgrade Rancher from 2.7.6 to 2.7.7,rancher-restricted
is not updated to the new version, i.e. the new entries are missing.To Reproduce
rancher-restricted
is created in the local clusterrancher-restricted
Result
The value of the PSACT
rancher-restricted
is unchanged: it is NOT updated to includecattle-provisioning-capi-system
andcattle-fleet-local-system
Expected Result
Rancher should update the PSACT
rancher-restricted
to includecattle-provisioning-capi-system
andcattle-fleet-local-system
under theexemptions.namespaces
list.Screenshots
Additional context
The text was updated successfully, but these errors were encountered: