Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- groomed

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Get Azure credentials using Azure SDK's generic NewDefaultAzureCredential function
Feature Link:
OCPSTRAT-979 - Integrate Azure Workload Identities and Managed Service Identity (MSI) for Operators (control plane/data plane)
Intelligence Requested:
Market:

Sprint:
Hypershift Sprint 261, Hypershift Sprint 262
Cost of Delay:
0
WSJF:
0
Risk Score:
0

Target Version:

openshift-4.18, openshift-4.17.z

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

User Story:

As a ARO HCP user, I want to be able to:

mount certificates from Key Vault using the Secrets Store CSI Driver on AKS

so that I can

use certificates to authenticate with Azure API for image registry on the HCP

Acceptance Criteria:

Description of criteria:

Upstream documentation
HyperShift PR with the changes to mount the certificate to the image registry deployment using the Secrets Store CSI driver

(optional) Out of Scope:

N/A

Engineering Details:

This expects the AKS management cluster to have the Secrets Store CSI driver installed, for example, through the flag `--enable-addons azure-keyvault-secrets-provider`.
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver

This requires/does not require a design proposal.
This requires/does not require a feature gate.

is cloned by

HOSTEDCP-2032 Update Cluster Ingress Operator Deployment to Mount Cert Using Secrets Store CSI Driver

In Progress

links to

openshift/hypershift#4888: HOSTEDCP-2022: Reconcile SecretProviderClass for Image Registry on ARO HCP

Assignee:: Bryan Cox

Reporter:: Bryan Cox

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/10/10 1:36 PM

Updated:: 2024/11/06 10:41 AM