-
Feature
-
Resolution: Done
-
Critical
-
None
-
Strategic Portfolio Work
-
True
-
-
False
-
OCPSTRAT-6Tokenized Auth Enablement for OLM-managed Operators on AWS
-
0% To Do, 0% In Progress, 100% Done
-
L
-
0
Feature Overview:
Hypershift-provisioned clusters, regardless of the cloud provider support the proposed integration for OLM-managed integration outlined in OCPBU-559 and OCPBU-560.
Goals
There is no degradation in capability or coverage of OLM-managed operators support short-lived token authentication on cluster, that are lifecycled via Hypershift.
Requirements:
- the flows in
OCPBU-559andOCPBU-560need to work unchanged on Hypershift-managed clusters - most likely this means that Hypershift needs to adopt the CloudCredentialOperator
- all operators enabled as part of
OCPBU-563, OCPBU-564,OCPBU-566and OCPBU-568 need to be able to leverage short-lived authentication on Hypershift-managed clusters without being aware that they are on Hypershift-managed clusters - also OCPBU-569 and
OCPBU-570should be achievable on Hypershift-managed clusters
Background
Currently, Hypershift lacks support for CCO.
Customer Considerations
Currently, Hypershift will be limited to deploying clusters in which the cluster core operators are leveraging short-lived token authentication exclusively.
Documentation Considerations
If we are successful, no special documentation should be needed for this.
- depends on
-
OCPBUGS-27103 Failed to create secret on HyperShift Hosted Cluster with short-lived token was enabled by CCO.
- Closed
- is blocked by
-
OCPBUGS-25897 Failed to create secret on HyperShift Hosted Cluster with short-lived token was enabled by CCO.
- Closed
-
OCPSTRAT-171 CloudCredentialOperator-based flow for OLM-managed operators and AWS STS
- Closed
- is related to
-
OCPSTRAT-235 STS enablement for critical OLM-managed operators
- Closed
- relates to
-
RFE-5592 External DNS operator doesn't work on HCP clusters
- Accepted
- links to