Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-456

Support migration to Azure Managed Identity

    XMLWordPrintable

Details

    • [Spike] Support migration to Azure Managed Identity
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-1185 - Support migration to Azure AD Workload Identity
    • OCPSTRAT-1185Support migration to Azure AD Workload Identity
    • 32
    • 32% 32%

    Description

      Goal

      Spike to evaluate if we can provide an automated way to support migration to Azure Managed Identity (preferred), or alternatively a manual method (second option) for customers to perform the migration themselves that is documented and supported, or not at all.

      This spike will evaluate, scope the level of effort (sizing), and make recommendation on next steps.

      Feature request

      Support migration to Azure Managed Identity

      Feature description

      Many customers would like to migrate to Azure Managed Identity but have numerous existing clusters and an aversion to supporting two concurrent operational requirements. Therefore they would like to migrate existing Azure clusters to Managed Identity in a safe manner after they have been upgraded to a version of OCP supporting that feature (4.14+).

      Why?

      Provide a uniform operational experience for all clusters running versions which support Azure Managed Identity without having to decommission long running clusters

      Other considerations

      • Disruption to customer's workload.
      • Has to be closely coordinated with update effort to minimize disruption.
      • Tokenized operators and other layered products - work not yet done (OCP 4.15/4.16 plans) and has to be manually done for now and may not cover the full set.
      • If we grant this for Azure MI/WI, we will likely will need to also do this for STS and GCP WIF.
      • If we grant this, would we do this for self-managed and managed OpenShift (ARO)?

      Attachments

        Issue Links

          is related to

          Outcome - Organizational objective focused on a measurable outcome. May be in support of larger strategic goals. XCMSTRAT-36 ARO - Using Managed Identity / Workload Identity to conform to least privilege

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • New

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-1231 Enable Azure managed identity with Azure AD workload identity for self-managed OpenShift for Microsoft Azure Government regions

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • New

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-1232 Enable Azure managed identity with Azure AD workload identity for self-managed OpenShift for Azure Stack Hub

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • New

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-506 ARO Managed Identity

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-513 Azure managed identity with Azure AD workload identity for self-managed OpenShift

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is triggered by

          Feature Request - Feature requests from customers and/or users RFE-4831 Support migration to Azure Managed Identity

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Accepted
          links to

          Web Link Notes - RFE-4831 (Support migration to Azure Managed Identity)

          Web Link Steps to in-place migrate an OpenShift Cluster to Azure AD Workload Identity

          Activity

            People

              rh-ee-mold Mark Old
              julim Ju Lim
              Mingxia Huang Mingxia Huang
              Jeana Routh Jeana Routh
              Scott Dodson Scott Dodson
              Scott Dodson Scott Dodson
              Ju Lim Ju Lim
              Eric Rich Eric Rich
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated: