  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1737

Use private storage buckets in Azure for clusters that use Microsoft Entra Workload ID

    • BU Product Work
    • 100% To Do, 0% In Progress, 0% Done
    • Backlog Refinement

      Feature Overview (aka. Goal Summary)  

      Support the creation and use of private storage buckets in Azure for clusters that use Microsoft Entra Workload ID.

      Self-managed OpenShift on Azure customers want to use private storage buckets (as opposed to public storage buckets) for clusters created using Microsoft Entra Workload ID, in order to comply with their organization's security policies.

      Goals (aka. expected user outcomes)

      Use ccoctl to create a private storage bucket for self-managed OpenShift clusters on Azure that use Microsoft Entra Workload ID.

      Requirements (aka. Acceptance Criteria):

      Enhance ccoctl to provide an option, akin to the "create-private-s3-bucket" flag, in the "ccoctl azure create" command to create a private storage bucket.

       

      Anyone reviewing this Feature needs to know which deployment configurations the Feature will apply to (or not) once it has been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out of scope for a given release, also provide the OCPSTRAT for the configuration that is to be supported in the future.

      | Deployment considerations | List applicable specific needs (N/A = not applicable) |
      |---|---|
      | Self-managed, managed, or both | Self-managed |
      | Classic (standalone cluster) | Classic |
      | Hosted control planes | N/A |
      | Multi node, Compact (three node), or Single node (SNO), or all | All |
      | Connected / Restricted Network | All |
      | Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | All |
      | Operator compatibility | |
      | Backport needed (list applicable versions) | No |
      | UI need (e.g. OpenShift Console, dynamic plugin, OCM) | N/A |
      | Other (please specify) | |

      Use Cases (Optional):

      As an OpenShift Administrator, I want to create a private storage bucket in conjunction with Azure's Microsoft Entra Workload ID authentication to store the OIDC endpoint configuration (vs. creating a public bucket, which is against company security policy).

      Questions to Answer (Optional):

      N/A

      Out of Scope

      N/A

      Background

      N/A

      Customer Considerations

      N/A

      Documentation Considerations

      Existing documentation would need to be updated to reflect the optional ability to create a private bucket.

      Interoperability Considerations

      N/A

              julim Ju Lim
              rhn-support-memodi Mehul Modi
              Jeana Routh Jeana Routh