  1. Openshift sandboxed containers
  2. KATA-2835

Azure workload identity support


    • Epic
    • Resolution: Duplicate
    • Medium
    • cloud-api-adapter, Operator
    • Azure workload identity support
    • Product / Portfolio Work
    • To Do
    • KATA-2439 - Confidential Containers ARO GA
    • 100% To Do, 0% In Progress, 0% Done

      Epic Goal

      • Allow using Azure's workload identity rather than a secret for CAA interaction with Azure's API

      Additionally, integrate it with the Cloud-Credential-Operator for seamless fetching/creating and setting of the workload identity.

      • Have support in workload identity for CAA
      • Utilize Cloud Credentials Operator to fetch/create and set the managed identity

      Why is this important?

      • Workload identity methodology is often used by OpenShift customers
      • It helps to avoid credential passing and privilege escalation
      • Improves user experience and security

      Scenarios

      1. Cluster administrator is able to set up OSC+peerpods with workload identity
      2. Cluster administrator can install OSC+peer-pods and workload identity is automatically fetched and set using CCO

      Acceptance Criteria 

      1. Peer-pods are running when using custom pre-configured workload identity 
      2. Peer-pods are running when workload identity is being fetched & set using CCO

      Additional context:

              ssheribe@redhat.com Snir sheriber