OCPBUGS-19865 (OpenShift Bugs)

Azure AD Workload Identity does not work with bring your own vnet


    • Moderate
    • No
    • False
    • N/A
    • Release Note Not Required
    • Done

      This is a clone of issue OCPBUGS-18246. The following is the description of the original issue:

      Description of problem:

      Role assignment for Azure AD Workload Identity performed by ccoctl does not provide an option to scope role assignments to a resource group containing the customer vnet in a BYO vnet installation workflow.
      
      https://docs.openshift.com/container-platform/4.13/installing/installing_azure/installing-azure-vnet.html

      Version-Release number of selected component (if applicable):

      4.14.0

      How reproducible:

      100%

      Steps to Reproduce:

      1. Create an Azure resource group and a vnet for OpenShift within that resource group.
      2. Create Azure AD Workload Identity infrastructure with ccoctl.
      3. Follow the steps to configure an existing vnet for installation, setting networkResourceGroupName within the install config.
      4. Attempt cluster installation.
      

      Actual results:

      Cluster installation fails.

      Expected results:

      Cluster installation succeeds.

      Additional info:

      ccoctl must be extended to accept a parameter specifying the network resource group name and scope relevant component role assignments to the network resource group in addition to the installation resource group.
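An added example, not part of the original issue and not ccoctl code: a check that each component identity holds a role assignment whose scope covers both the installation resource group and the network resource group. It assumes role assignments exported as JSON in the shape of `az role assignment list` output; the subscription ID, resource group names and principal IDs are constructed, and the list of identities that need both scopes is hypothetical.

```python
import json

# Constructed sample in the shape of `az role assignment list -o json`;
# the subscription ID, resource groups and principal IDs are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
INSTALL_RG = SUB + "/resourceGroups/cluster-rg"
NETWORK_RG = SUB + "/resourceGroups/network-rg"
SAMPLE = json.dumps([
    {"principalId": "id-ingress", "scope": INSTALL_RG},
    {"principalId": "id-ingress", "scope": SUB + "/resourceGroups/Network-RG"},
    {"principalId": "id-machine-api", "scope": INSTALL_RG},
    {"principalId": "id-storage", "scope": SUB},
    {"principalId": "id-cloud-controller",
     "scope": INSTALL_RG + "/providers/Microsoft.Network/loadBalancers/lb1"},
])


def covers(scope, target):
    """True if an assignment at `scope` applies to `target`.

    Azure RBAC assignments are inherited by child scopes, and resource IDs
    compare case-insensitively. Management-group scopes are not resolved here.
    """
    s, t = scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == s or t.startswith(s + "/")


def missing_scopes(assignments, principals, required):
    """Map each principal to the required scopes none of its assignments cover."""
    gaps = {}
    for principal in principals:
        own = [a["scope"] for a in assignments if a["principalId"] == principal]
        lacking = [r for r in required if not any(covers(s, r) for s in own)]
        if lacking:
            gaps[principal] = lacking
    return gaps


if __name__ == "__main__":
    # Hypothetical list of identities that need access in both resource groups.
    principals = ["id-ingress", "id-machine-api", "id-storage", "id-cloud-controller"]
    report = missing_scopes(json.loads(SAMPLE), principals, [INSTALL_RG, NETWORK_RG])
    for principal, lacking in report.items():
        print(principal, "has no assignment covering", ", ".join(lacking))
```

The check looks at scope only; whether the assigned role grants the actions a component needs in the network resource group has to be verified separately.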

            rh-ee-mold Mark Old
            openshift-crt-jira-prow OpenShift Prow Bot
            Mingxia Huang Mingxia Huang
            Jeana Routh Jeana Routh