Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-300

Upgrade disconnected/restricted OpenShift cluster with STS on AWS

    XMLWordPrintable

Details

    • Upgrade disconnected/restricted OpenShift cluster with STS on AWS
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPPLAN-5656 - AWS STS - Security Token Service
    • Impediment
    • 0
    • 0% 0%
    • If Release Note Needed, Set a Value
    • Approved

    Description

      Goal

      As a Infrastructure Administrator, I want to upgrade OpenShift in a disconnected/restricted environment with STS on AWS.

      Why does the customer need this?

      • Regulated (FSI) customers want to deploy and manage lifecycle (including upgrade) of disconnected clusters with manual mode STS due to regulatory restrictions and policies.

      Requirement

      Setup an environment to validate the upgrade of disconnected deployment (RFE-2652) with ccoctl PR change, to ensure nothing else breaks.

      Acceptance Criteria

      • Make ccoctl sets STS endpoints to regional in AWS credentials secrets
      • Upgrade completes successfully
      • Image registry is available and operational
      • Identify any limitations for operating OpenShift in a disconnected environment with STS.

      Dependencies

      Cloud Credentials Operator, Installer, Registry

      Previous Work (Optional)

      AWS was introduced in OCP 4.8. See CCO-21 (Support AWS Security Token Service) See CCO-114. Note: This Jira is created to ensure we have testing/CI coverage for disconnected scenario.

       

       

       

       

      Attachments

        Issue Links

          depends on

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CORS-2356 Deploy disconnected OpenShift cluster with STS on AWS

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • In Progress

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. CCO-257 Make ccoctl set sts endpoints to regional in AWS credentials secrets

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1629 Facing issue while configuring egress IP pool in OCP cluster which uses STS

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1830 Facing issue while configuring S3 ServiceEndpoint in OCP cluster which uses STS

          • Undefined - Priority not specified.
          • Closed
          is triggering

          Feature Request - Feature requests from customers and/or users RFE-3479 Better user experience for using GCP workload identity for tokens is bad

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Accepted
          links to

          GitHub openshift/release#35241: Add STS Disconnect cluster jobs

          1.
          		 Docs Tracker Sub-task Closed Undefined Unassigned
          2.
          		 PX Tracker Sub-task Closed Undefined Unassigned
          3.
          		 QE Tracker Sub-task Closed Undefined Unassigned
          4.
          		 TE Tracker Sub-task Closed Undefined Unassigned

          Activity

            People

              yunjiang-1 Yunfei Jiang
              julim Ju Lim
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: