Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-309

Allow multiple values for serviceAccountIssuer field

    XMLWordPrintable

Details

    • Epic
    • Resolution: Done
    • Critical
    • openshift-4.12
    • None
    • None
    • Allow multiple values for serviceAccountIssuer field
    • False
    • Hide
      This epic was automatically marked as blocked because the resolution for a subtask has been set to Won't Do (or Won't Fix), indicating a functional team cannot support this epic. If you believe this occurred in error, please reach out to the functional team for help in getting this work into their queue.
      Show
      This epic was automatically marked as blocked because the resolution for a subtask has been set to Won't Do (or Won't Fix), indicating a functional team cannot support this epic. If you believe this occurred in error, please reach out to the functional team for help in getting this work into their queue.
    • False
    • Green
    • To Do
    • Impediment
    • 100
    • 100% 100%
    • Auth - Sprint 225, Auth - Sprint 226, Auth - Sprint 227

    Description

      Epic Goal*

      Allow multiple values for the serviceAccountIssuer field per capability delivered in kube 1.22

      https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection

       
      Why is this important? (mandatory)

      This will make changes to service-account-issuer less disruptive for OCP customers. 

      A financial services customer recently encountered challenges with this adjustment via an ACM policy in https://issues.redhat.com/browse/OCPBUGS-830

       
      Scenarios (mandatory) 

      Provide details for user scenarios including actions to be performed, platform specifications, and user personas.  

      1.  

       
      Dependencies (internal and external) (mandatory)

      What items must be delivered by other teams/groups to enable delivery of this epic. 

      Contributing Teams(and contacts) (mandatory) 

      Our expectation is that teams would modify the list below to fit the epic. Some epics may not need all the default groups but what is included here should accurately reflect who will be involved in delivering the epic.

      • Development - 
      • Documentation -
      • QE - 
      • PX - 
      • Others -

      Acceptance Criteria (optional)

      Provide some (testable) examples of how we will know if we have achieved the epic goal.  

      Drawbacks or Risk (optional)

      Reasons we should consider NOT doing this such as: limited audience for the feature, feature will be superseded by other work that is planned, resulting feature will introduce substantial administrative complexity or user confusion, etc.

      Done - Checklist (mandatory)

      The following points apply to all epics and are what the OpenShift team believes are the minimum set of criteria that epics should meet for us to consider them potentially shippable. We request that epic owners modify this list to reflect the work to be completed in order to produce something that is potentially shippable.

      • CI Testing -  Basic e2e automationTests are merged and completing successfully
      • Documentation - Content development is complete.
      • QE - Test scenarios are written and executed successfully.
      • Technical Enablement - Slides are complete (if requested by PLM)
      • Engineering Stories Merged
      • All associated work items with the Epic are closed
      • Epic status should be “Release Pending” 

      Attachments

        Activity

          People

            mfojtik@redhat.com Michal Fojtik
            wlewis@redhat.com Wallace Lewis
            Andrea Hoffer Andrea Hoffer
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: