Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-1309 Document and Validate Google WIF authentication
  3. OADP-2665

Document - Introduction to OADP & Google WIF

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • ToDo
    • 0
    • 0
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown

      In currently released versions of OADP, the only way to authenticate to GCP is via a long-lived service account credentials.
      This is not ideal for customers who are using GCP's WIF ([Workload Identity](https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity)) feature to authenticate to GCP.
      This proposal aims to add support for WIF to OADP.

       

        1. Goals
      • GCP WIF support for OADP and Velero for backup and restore of applications backed by GCP resources.
      • Using OpenShift's Cloud Credentials Operator to generate a short-lived token for authentication to GCP.
      • ImageStreamTag backup and restore

       

      ##NOTE

      This proposal allows OADP Operator to depend on short-lived credentials generated by the Cloud Credentials Operator. This is a more secure way to authenticate to GCP than using a long-lived service account key.

              rhn-support-cwisemon Carmi Wisemon
              rhn-support-anarnold A Arnold
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: