-
Epic
-
Resolution: Done
-
Critical
-
None
-
Upgrade disconnected/restricted OpenShift cluster with STS on AWS
-
False
-
None
-
False
-
Not Selected
-
To Do
-
OCPPLAN-5656 - AWS STS - Security Token Service
-
Impediment
-
If Release Note Needed, Set a Value
-
Approved
Goal
As a Infrastructure Administrator, I want to upgrade OpenShift in a disconnected/restricted environment with STS on AWS.
Why does the customer need this?
- Regulated (FSI) customers want to deploy and manage lifecycle (including upgrade) of disconnected clusters with manual mode STS due to regulatory restrictions and policies.
Requirement
Setup an environment to validate the upgrade of disconnected deployment (RFE-2652) with ccoctl PR change, to ensure nothing else breaks.
Acceptance Criteria
- Make ccoctl sets STS endpoints to regional in AWS credentials secrets
- Upgrade completes successfully
- Image registry is available and operational
- Identify any limitations for operating OpenShift in a disconnected environment with STS.
Dependencies
Cloud Credentials Operator, Installer, Registry
Previous Work (Optional)
AWS was introduced in OCP 4.8. See CCO-21 (Support AWS Security Token Service) See CCO-114. Note: This Jira is created to ensure we have testing/CI coverage for disconnected scenario.
- depends on
-
CORS-2356 Deploy disconnected OpenShift cluster with STS on AWS
- Closed
-
CCO-257 Make ccoctl set sts endpoints to regional in AWS credentials secrets
- Closed
- is related to
-
OCPBUGS-1629 Facing issue while configuring egress IP pool in OCP cluster which uses STS
- Closed
-
OCPBUGS-1830 Facing issue while configuring S3 ServiceEndpoint in OCP cluster which uses STS
- Closed
- is triggering
-
RFE-3479 Better user experience for using GCP workload identity for tokens is bad
- Accepted
- links to