We need to ensure following OpenShift operators that utilize CCO credentials,
- azure-sdk-for-go module dependency updated to support workload identity federation.
- Support for workload identity federation is tech preview within azure-sdk-for-go. Support is being tracked in the following issues,
- Mount the OIDC token in the operator pod. This needs to go in the deployment. See example from addition to the cluster-image-registry-operator here
The following repos need one or more of above changes
Are there any other operators that will need changes?
Use the below command to extract credentials request manifests for Azure and from those manifests check which operators consume those credentials:
mkdir credreqs ; oc adm release extract --cloud=azure --credentials-requests $RELEASE_IMAGE --to=./credreqs