OpenShift Builds / BUILD-1668

Investigate the improvements for the current OpenShift Entitlements process


    • Type: Spike
    • Resolution: Unresolved
    • Priority: Normal

      Problem/Goal description

      The current OpenShift entitlement process is too complex because automatic entitlement injection into containers was blocked. Customers are forced to use the Insights Operator secret (which lacks Satellite support) or manual secret management. This spike's goal is to simplify this process by defining a technical solution that works within the current RHEL 8, 9, and 10 lifecycles.

      Current state

      The system relies on customers managing secrets or using the Insights Operator. This is not optimal because:

      1. The Insights Operator approach does not support Satellite integration, a critical customer use case.
      2. The process forces manual steps (secret creation/rotation) or the use of confusing "fake" RHEL systems in inventory.

      Proposed solution(s)

      Path A focuses on improving and automating the current workflow. The spike will investigate the following proposals:

      • Treat Entitlements as a 'First-Class Citizen': Enable the system to be entitlement-aware, allowing for transparent, automated injection into workloads once shared to a project.
      • Automate Manual RBAC: Automate the manual Role-Based Access Control (RBAC) steps required for granting permission to read the entitlement secret/config map.
      • Re-evaluate Container Runtime Injection: Re-evaluate the viability of copying host entitlements into containers now that RHCOS has Python/Subscription Manager.
      • Map and Prioritize Automation: Map the full workflow (origin, distribution, consumption) to prioritize key automation efforts.

      More details on the customer use cases: https://docs.google.com/spreadsheets/d/1jaMoTB5viR0KFqU_CH3Jzj451mhMyjl27jzO7E2eV8I/edit?gid=1854371913#gid=1854371913

      Reviewers section

      Person                      | Role/Team                   | Sign-off
      Sayan Biswas/Adam Kaplan    | Tech Lead                   |
      Siamak Sadeghianfar         | Builds PM                   |
      Olga Ksenzova               | Program Manager             |
      Derrick Ornelas/Kyle Walker | Product Operations Engineer |
      Rich Jerrido                | RHEL Management Strategy    |
      Matyas Horky                | Client Tools Architect      |

      Assignee: Unassigned
      Reporter: Olga Ksenzova (oksenzov@redhat.com)