Details
- Feature
- Resolution: Unresolved
- Critical
- OCPSTRAT-6 Tokenized Auth Enablement for OLM-managed Operators on Cloud Providers
Description
Feature Overview:
Hypershift-provisioned clusters, regardless of the cloud provider, support the proposed integration for OLM-managed operators outlined in OCPBU-559 and OCPBU-560.
Goals
There is no degradation in the capability or coverage of OLM-managed operators that support short-lived token authentication on clusters that are lifecycled via Hypershift.
Requirements:
- the flows in OCPBU-559 and OCPBU-560 need to work unchanged on Hypershift-managed clusters
  - most likely this means that Hypershift needs to adopt the CloudCredentialOperator
- all operators enabled as part of OCPBU-563, OCPBU-564, OCPBU-566 and OCPBU-568 need to be able to leverage short-lived authentication on Hypershift-managed clusters without being aware that they are on Hypershift-managed clusters
  - also OCPBU-569 and OCPBU-570 should be achievable on Hypershift-managed clusters
Background
Currently, Hypershift lacks support for CCO.
Customer Considerations
Currently, Hypershift will be limited to deploying clusters in which the cluster core operators are leveraging short-lived token authentication exclusively.
Documentation Considerations
If we are successful, no special documentation should be needed for this.
Issue Links
- depends on
  - OCPBUGS-27103 Failed to create secret on HyperShift Hosted Cluster with short-lived token was enabled by CCO. (Closed)
- is blocked by
  - OCPBUGS-25897 Failed to create secret on HyperShift Hosted Cluster with short-lived token was enabled by CCO. (Verified)
  - OCPSTRAT-171 CloudCredentialOperator-based flow for OLM-managed operators and AWS STS (Closed)
- is related to
  - OCPSTRAT-235 STS enablement for critical OLM-managed operators (Closed)