Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-32948

Azure pod identity webhook not provided after migration to Microsoft Entra Workload ID.

XMLWordPrintable

    • Critical
    • No
    • 2
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

      Description of problem:

          After migration works complete, “pod-identity-webhook” deployment is not in the namespace "openshift-cloud-credential-operator".

      Version-Release number of selected component (if applicable):

          4.16

      How reproducible:

          Always

      Steps to Reproduce:

          1.Prepare an Azure OpenShift cluster.
    2.Migration to Azure AD workload Identity using procedure https://github.com/openshift/cloud-credential-operator/blob/master/docs/azure_workload_identity.md#steps-to-in-place-migrate-an-openshift-cluster-to-azure-ad-workload-identity.
    3.

      Actual results:

          Azure pod identity webhook is not being created.
[hmx@fedora CCO]$  oc get po -n openshift-cloud-credential-operator 
NAME                                        READY   STATUS    RESTARTS   AGE
cloud-credential-operator-78b94ffb4-587rh   2/2     Running   0          3h7m

      Expected results:

      Additional info:

      Tested migration to Azure AD workload Identity on following Azure cluster type:
  1. Default public Azure cluster.
  2. Single-node cluster.
  3. Azure private cluster.
  4. Disconnected Azure cluster.
This issue exists in all of the above cluster types.

              rh-ee-mold Mark Old
              mihuang@redhat.com Mingxia Huang
              Mingxia Huang Mingxia Huang
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: