Epic
Resolution: Unresolved
Major
Managed Identities for Azure in HyperShift
Strategic Product Work
To Do
OCPSTRAT-979 - Integrate Azure Workload Identities and Managed Service Identity (MSI) for Operators (control plane/data plane) - Part I
38% To Do, 50% In Progress, 13% Done
Problem
Today, Azure installation requires a manually created service principal, which involves relations, permission granting, credential setting, credential storage, credential rotation, credential cleanup, and service principal deletion. This is not only mundane and time-consuming but also less secure, and it risks access to resources by adversaries due to lack of credential rotation.
Goal
Employ Azure managed credentials, which drastically reduce the required steps to just managed identity creation, permission granting, and resource deletion.
Ideally, this should be HyperShift-native functionality. That is, HyperShift should use managed identities for the control plane, the kubelet, and any add-on that needs access to Azure resources.
relates to
- STOR-1279 Initial work for Azure Disk on Hosted control planes (Closed)
- STOR-1280 Initial work for Hosted control plane support for Azure File CSI (Closed)
- STOR-1696 Azure Disk CSI on Hosted control planes GA (Closed)
- STOR-1697 Azure File CSI on Hosted control planes GA (Closed)
- OCPSTRAT-506 ARO Managed Identity (Closed)
- OCPSTRAT-909 ARO Managed Identity Phase II (Closed)