Closed lance5890 closed 5 months ago
openshift-bot
commented
7 months ago Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
openshift-bot
commented
6 months ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten /remove-lifecycle stale
openshift-bot
commented
5 months ago Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
openshift-ci[bot]
commented
5 months ago @openshift-bot: Closing this issue.
1 as the kube-apiserver has set the 'privileged: true' https://github.com/openshift/cluster-kube-apiserver-operator/blob/31380bd1f08416d27b8978bcd91df27ea01419c3/bindata/assets/kube-apiserver/pod.yaml#L148-L149
2 but even without the 'privileged: true', the kube-apiserver can also write audit to /var/log/kube-apiserver
3 when using standard container runtimes (for example ContainerD or CRI-O) access to a privileged container allows for easy breakout to the underlying host, which in turn allows for access to all other workloads on that host and credentials for the node agent (Kubelet)
maybe we should remove the "privileged: true"