Skip to content

Add warnings for SecurityContextConstraints during export #171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add warnings for SecurityContextConstraints during export #171

wants to merge 2 commits into from

Conversation

Copy link

Copilot AI commented Aug 19, 2025
edited
Loading

This PR adds warning messages when SecurityContextConstraints (SCCs) are exported to help users understand the elevated privilege requirements on destination clusters.

Problem

When migrating applications from Kubernetes to OpenShift, users often encounter failures due to SecurityContextConstraints requiring elevated privileges that may not be available on the destination cluster. This is a common issue that catches users off-guard during migration.

Solution

Modified the acceptSecurityContextConstraints function in cmd/export/cluster.go to emit warning messages whenever an SCC is accepted for export. The warning informs users that:

  1. The exported SCC requires elevated privileges on the destination cluster
  2. They need to ensure access to appropriate SCCs when applying to the target environment
  3. This is especially important when migrating to OpenShift

Example Warning Output

INFO[0001] Accepted restricted-scc of kind SecurityContextConstraints (match via user system:serviceaccount:myapp:webapp-sa)
WARN[0001] WARNING: SecurityContextConstraints 'restricted-scc' requires elevated privileges on the destination cluster. Ensure you have access to appropriate SCCs when applying to the target environment, especially when migrating to OpenShift.

Testing

Added comprehensive tests in cmd/export/cluster_test.go to verify:

  • Warning messages appear when SCCs are accepted for export
  • Warning messages contain proper guidance about elevated privileges and OpenShift migration
  • No warnings appear when SCCs are not accepted (preventing noise)

The changes are minimal and surgical - only adding warning log statements without modifying the core SCC acceptance logic.

Fixes #83.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Should add warnings around security context constraint when exporting Add warnings for SecurityContextConstraints during export Aug 19, 2025
Copilot AI requested a review from kaovilai August 19, 2025 17:29
Copilot finished work on behalf of kaovilai August 19, 2025 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaovilai kaovilai Awaiting requested review from kaovilai

Assignees

@kaovilai kaovilai

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Should add warnings around security context constraint when exporting

2 participants

@kaovilai