-
Epic
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
Simplified token upgrade process
-
To Do
-
Product / Portfolio Work
-
-
100% To Do, 0% In Progress, 0% Done
-
False
-
-
False
-
Not Selected
-
M
-
None
Epic Goal
- The upgrade documentation is only using the commands for updating the roles and accounts:
- aws create-iam-roles
- azure create-managed-identities
- gcp create-service-accounts
- ccoctl has an optional flag (--apply) to apply the generated secret manifests directly to the cluster with the following sub-commands:
- aws create-iam-roles
- azure create-managed-identities
- gcp create-service-accounts
- ccoctl has an optional flag (--set-upgradeable-to) to set the upgradeable-to annotation directly to the cluster with the following sub-commands:
- aws create-iam-roles
- azure create-managed-identities
- gcp create-service-accounts
- ccoctl has a command to apply the previously generated secret manifests directly to the cluster
- ccoctl [aws|azure|gcp] apply [all|secrets|issuer]
- ccoctl has a command to set the upgradeable-to annotation directly in the cluster
- ccoctl creates all custom roles before before creating/attaching to any accounts in order to reduce the time waiting on roles to propagate.
Why is this important?
- To improve the user experience when upgrading clusters with short-term token authentication.
Scenarios
Acceptance Criteria
Dependencies (internal and external)
Previous Work (Optional):
Open questions::
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>