Uploaded image for project: 'OpenShift Cloud'
  1. OpenShift Cloud
  2. OCPCLOUD-2462

Azure: update MCO to use acr credential provider plugin


    • Icon: Story Story
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 4.16
    • CLOUD Sprint 250

      User Story

      As a user I want kubelet to know how to authenticate with acr automatically so that I don't have to roll credentials every 12h


      This functionality is being removed in tree from the kubelet, so we now need to provide it via a credential provider plugin

      Before this can be completed, we will need to create and ship an rpm within RHCOS to provide the binary kubelet will exec.


      See https://github.com/openshift/machine-config-operator/pull/4103/files for an example PR


      • cluster-infra team
      • workloads team

      Definition of Done

      • MCO sets -image-credential-provider-config and -image-credential-provider-bin-dir for azure
      • credential provider config exists on azure master and worker nodes
      • Tests updated to reflect the above changes
      • Docs
      • Add release note notifying of the change from in tree kubelet to an external process
      • Testing
      • Set up private registry on ACR
      • Set up a new OCP cluster and check that it can pull from the registry

            rh-ee-tbarberb Theo Barber-Bany
            rh-ee-tbarberb Theo Barber-Bany
            Zhaohua Sun Zhaohua Sun
            0 Vote for this issue
            2 Start watching this issue