-
Epic
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
[OSD-GCP] Reduce permissions required for Shared VPC installations
-
False
-
-
False
-
In Progress
-
OSDGCP-70 - [OSD-GCP] Reduce DNS Administrator permissions required for Shared VPC installations
-
80% To Do, 20% In Progress, 0% Done
-
-
-
(3/10) Dylan starting on Day1 (main) story but there is a 'user tracking' story and a 'day 2 read-only' story, all due by 3/18?
Overview
Enable OSD-GCP Shared VPC deployments with reduced host project permissions by allowing users to optionally select pre-created DNS zones during cluster creation.
Background
Enterprise customers deploying OSD clusters into Shared VPC environments have raised security concerns about granting broad DNS Administrator permissions on host projects. This epic adds UI support for the BYO (Bring Your Own) DNS zones model, allowing customers to pre-create DNS zones via CLI and select them in the wizard.
Scope
- New DNS Zone section in OSD GCP cluster creation wizard (VPC Settings step)
- Conditional display based on Domain Prefix from Cluster Settings
- Searchable dropdown to select pre-created DNS zones
- CLI instructions with copy functionality
- Segment tracking for feature adoption metrics
Out of Scope
- DNS zone CRUD operations (handled via CLI per existing WIF pattern)
- Day 2 editing of DNS zone settings
- Preflight error display (already supported by existing cluster details infrastructure)
Dependencies
- OCM-18691 - Backend: Shared VPC permission reduction (must be complete for full testing)
- The OCM UI will provide options to specify pre-created managed DNS zones for OSD-GCP shared VPC deployments, as described in the linked rosa enhancement.
Design Documents
- links to