Moderate: Gatekeeper Operator v0.2 security fixes and enhancements
Security Advisory: Moderate
Gatekeeper Operator v0.2 security fixes and enhancements
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include bug
fixes and container upgrades.
Note: Gatekeeper support from the Red Hat support team is limited cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security fix(es):
IMPORTANT: This release removes `PodSecurityPolicy` resource references, a deprecated Kubernetes construct, from the operator. Gatekeeper constraints based on the resource may no longer work.
The Gatekeeper operator that is installed by the Gatekeeper operator policy has `installPlanApproval` set to `Automatic`. This setting means the operator is upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting to `Manual`, then you must view each cluster to manually approve the upgrade to the operator.