-
Epic
-
Resolution: Unresolved
-
Normal
-
None
-
Support external OIDC provider for ACM Observability
-
False
-
None
-
False
-
Not Selected
-
To Do
Epic Goal
- Support ACM Observability customers that want to bring their own external OIDC provider.
Why is this important?
Customers want to bring their own OIDC servers to provide authentication to the cluster.
Scenarios
OpenShift OAuth Server is not present and an external OIDC server is configured.
Acceptance Criteria
- Access to Grafana should work
- Access to Alertmanager's UI should work
Dependencies (internal and external)
- ...
Previous Work (Optional):
- ...
Open questions:
- If identify comes from an external provider, who handles authorization?
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue> - DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue> - DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Doc issue opened with a completed template. Separate doc issue
opened for any deprecation, removal, or any current known
issue/troubleshooting removal from the doc, if applicable.
- is related to
-
OCPSTRAT-306 Support for bring your own external OIDC based Auth provider for direct API Server access [Standalone OCP][TechPreview]
-
- In Progress
-
- relates to
-
ACM-1774 Handle byo certs in management ingress after Grafana changes to use oauth-proxy sidecar
-
- New
-
