-
Feature
-
Resolution: Duplicate
-
Critical
-
None
-
None
-
None
-
None
-
BU Product Work
-
False
-
-
False
-
0
OCP/Telco Definition of Done
Feature Template descriptions and documentation.
<--- Cut-n-Paste the entire contents of this description into your new Feature --->
<--- Remove the descriptive text as appropriate --->
Feature Overview
- This is their pod identity v2 approach for connecting to Azure workloads from on-cluster and is an alternative to first party service credentials.
- Similar to the STS webhook from AWS, and an alternative to using first party service credentials.
Goals
- As an administrator, I want to deploy OpenShift 4 and run Operators on Azure using access controls (IAM roles) with temporary, limited privilege credentials.
- Using workload identity federation allows the Administrator to access Azure Active Directory (Azure AD) protected resources without needing to manage secrets (for supported scenarios).
Requirements
- Add support to CCO for the Installation and Upgrade using both UPI and IPI methods with Azure Workload Identity Federation.
- Support the use of Operators with Azure Workload Identity Federation.
- This Section:* A list of specific needs or objectives that a Feature must deliver to satisfy the Feature.. Some requirements will be flagged as MVP. If an MVP gets shifted, the feature shifts. If a non MVP requirement slips, it does not shift the feature.
Requirement | Notes | isMvp? |
---|---|---|
CI - MUST be running successfully with test automation | This is a requirement for ALL features. | YES |
Release Technical Enablement | Provide necessary release enablement details and documents. | YES |
(Optional) Use Cases
This Section:
- Main success scenarios - high-level user stories
- Alternate flow/scenarios - high-level user stories
- ...
Questions to answer…
- ...
Out of Scope
- …
Background, and strategic fit
This Section: What does the person writing code, testing, documenting need to know? What context can be provided to frame this feature.
Assumptions
- Operator owners will provide adequate handling of these credentials
Customer Considerations
- Provides support for customers looking to use Azure security best practices and secure operations
Documentation Considerations
Questions to be addressed:
- What educational or reference material (docs) is required to support this product feature? For users/admins? Other functions (security officers, etc)?
- Does this feature have doc impact?
- New Content, Updates to existing content, Release Note, or No Doc Impact
- If unsure and no Technical Writer is available, please contact Content Strategy.
- What concepts do customers need to understand to be successful in [action]?
- How do we expect customers will use the feature? For what purpose(s)?
- What reference material might a customer want/need to complete [action]?
- Is there source material that can be used as reference for the Technical Writer in writing the content? If yes, please link if available.
- What is the doc impact (New Content, Updates to existing content, or Release Note)?