Story
Resolution: Done
Blocker
OCPSTRAT-506 - ARO Managed Identity
We need to ensure the following for OpenShift operators that utilize CCO credentials:
- azure-sdk-for-go module dependency updated to support workload identity federation.
- Support for workload identity federation is tech preview within azure-sdk-for-go. Support is being tracked in the following issues,
- Mount the OIDC token in the operator pod. This needs to go in the deployment. See the example added to the cluster-image-registry-operator here
The following repos need one or more of the above changes:
- Installer
- cloud-credential-operator
- cluster-image-registry-operator
- cluster-ingress-operator
- cluster-storage-operator
- machine-api-operator
- docker-distribution
- azure-disk-csi-driver-operator
- azure-file-csi-driver-operator
- cloud-controller-manager-operator
- cloud-provider-azure
- cluster-network-operator
- cloud-network-config-controller
Are there any other operators that will need changes?
Use the below command to extract credentials request manifests for Azure and from those manifests check which operators consume those credentials:
mkdir credreqs ; oc adm release extract --cloud=azure --credentials-requests $RELEASE_IMAGE --to=./credreqs
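One way to do the manifest check described above, added here as an example (not code from the ticket or the OpenShift project): it reads each extracted manifest's spec.secretRef and spec.serviceAccountNames to show which namespace consumes the credentials and which service accounts are named. The function names, the sample manifests and the indentation-based parsing are assumptions.

```shell
# Added example (not from the ticket): summarize the CredentialsRequest
# manifests written by `oc adm release extract --credentials-requests`.
# Assumes the 2-space-indented YAML layout of the constructed sample below.

# Prints: <secretRef namespace> TAB <secretRef name> TAB <service accounts|NONE>
summarize_credreq() {
  awk '
    /^[A-Za-z]/   { top = $1; key = ""; next }   # top-level key (metadata:, spec:)
    /^  [A-Za-z]/ { key = $1 }                   # key directly under it
    top == "spec:" && key == "secretRef:" && $1 == "name:"       { secret = $2 }
    top == "spec:" && key == "secretRef:" && $1 == "namespace:"  { ns = $2 }
    top == "spec:" && key == "serviceAccountNames:" && $1 == "-" { sas = sas (sas == "" ? "" : ",") $2 }
    END { printf "%s\t%s\t%s\n", ns, secret, (sas == "" ? "NONE" : sas) }
  ' "$1"
}

summarize_credreqs() {
  for f in "$1"/*.yaml; do
    [ -e "$f" ] || continue
    summarize_credreq "$f"
  done | sort
}

# Requests that list no service accounts (review these for workload identity).
missing_service_accounts() {
  summarize_credreqs "$1" | awk -F '\t' '$3 == "NONE" { print $1 "/" $2 }'
}

# Constructed sample manifests (names are illustrative, not from a release).
make_sample_credreqs() {
  mkdir -p "$1"
  cat > "$1/0000_50_example-registry.yaml" <<'EOF'
apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
metadata:
  name: example-registry-azure
  namespace: openshift-cloud-credential-operator
spec:
  serviceAccountNames:
  - example-registry-operator
  - example-registry
  secretRef:
    name: example-registry-credentials
    namespace: example-registry
  providerSpec:
    kind: AzureProviderSpec
EOF
  printf '%s\n' 'spec:' '  secretRef:' '    name: example-ingress-credentials' \
    '    namespace: example-ingress' > "$1/0000_50_example-ingress.yaml"
}
```

After running the extract command, call `summarize_credreqs ./credreqs` to get one line per manifest.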
- depends on
  - CCO-316 Update cloud-credential-operator to consume Azure workload identity tokens (Closed)
  - CCO-318 Update cluster-ingress-operator to consume Azure workload identity tokens (Closed)
  - CCO-319 Update cluster-storage-operator to consume Azure workload identity tokens (Closed)
  - CCO-321 Update machine-api-operator to consume Azure workload identity tokens (Closed)
  - CCO-324 Update azure-disk-csi-driver-operator to consume Azure workload identity tokens (Closed)
  - CCO-325 Update azure-file-csi-driver-operator to consume Azure workload identity tokens (Closed)
  - CCO-346 Update machine-api-provider-azure to consume Azure workload identity tokens (Closed)
  - CCO-356 Update cloud-network-config-controller to consume Azure workload identity tokens (Closed)
  - CCO-358 Update cluster-network-operator to consume Azure workload identity tokens (Closed)
  - IR-369 Update cluster-image-registry-operator to consume Azure workload identity tokens (Closed)
  - IR-370 Update image-registry to consume Azure workload identity tokens (Closed)
  - IR-371 Update docker-distribution to consume Azure workload identity tokens (Closed)
- is depended on by
  - CCO-187 Azure Managed Identity (Workload Identity) Support (Closed)
- relates to
  - CCO-320 Update cluster-api-provider-azure to consume Azure workload identity tokens (Closed)