Feature
Resolution: Unresolved
Feature Overview (aka. Goal Summary)
Support the creation and use of private storage buckets in Azure for clusters that use Microsoft Entra Workload ID.
Self-managed OpenShift on Azure customers want to use private storage buckets (as opposed to public storage buckets) for clusters created using Microsoft Entra Workload ID, to comply with their organization's security policies.
Goals (aka. expected user outcomes)
Create a private storage bucket, using ccoctl, for self-managed OpenShift Azure clusters that use Microsoft Entra Workload ID.
Requirements (aka. Acceptance Criteria):
Enhance ccoctl to provide an option, akin to the "create-private-s3-bucket" flag, in the "ccoctl azure create" command to create a private storage bucket.
Anyone reviewing this Feature needs to know which deployment configurations the Feature will apply to (or not) once it has been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out of scope for a given release, ensure you also provide the OCPSTRAT (for the configuration to be supported in the future).
Deployment considerations | List applicable specific needs (N/A = not applicable) |
Self-managed, managed, or both | Self-managed |
Classic (standalone cluster) | Classic |
Hosted control planes | N/A |
Multi node, Compact (three node), or Single node (SNO), or all | All |
Connected / Restricted Network | All |
Architectures, e.g. x86_64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | All |
Operator compatibility | |
Backport needed (list applicable versions) | No |
UI need (e.g. OpenShift Console, dynamic plugin, OCM) | N/A |
Other (please specify) |
Use Cases (Optional):
As an OpenShift Administrator, I want to create a private storage bucket in conjunction with Azure's Microsoft Entra Workload ID authentication to store the OIDC endpoint configuration (vs. creating a public bucket, which is against company security policy).
Questions to Answer (Optional):
N/A
Out of Scope
N/A
Background
N/A
Customer Considerations
N/A
Documentation Considerations
Existing documentation would need to be updated to reflect the optional ability to create a private bucket.
Interoperability Considerations
N/A