Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-290

Azure Workload Identity (Merged into OCPBU-8)

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Duplicate
    • Icon: Critical Critical
    • None
    • None
    • None
    • None
    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 0

      OCP/Telco Definition of Done
      Feature Template descriptions and documentation.
      <--- Cut-n-Paste the entire contents of this description into your new Feature --->
      <--- Remove the descriptive text as appropriate --->

      Feature Overview

      • This is their pod identity v2 approach for connecting to Azure workloads from on-cluster and is an alternative to first party service credentials.
      •  Similar to the STS webhook from AWS, and an alternative to using first party service credentials.

      Goals

      • As an administrator, I want to deploy OpenShift 4 and run Operators on Azure using access controls (IAM roles) with temporary, limited privilege credentials.
      • Using workload identity federation allows the Administrator to access Azure Active Directory (Azure AD) protected resources without needing to manage secrets (for supported scenarios). 

      Requirements

      • Add support to CCO for the Installation and Upgrade using both UPI and IPI methods with Azure Workload Identity Federation.
      • Support the use of Operators with Azure Workload Identity Federation.
      • This Section:* A list of specific needs or objectives that a Feature must deliver to satisfy the Feature.. Some requirements will be flagged as MVP. If an MVP gets shifted, the feature shifts. If a non MVP requirement slips, it does not shift the feature.
      Requirement Notes isMvp?
      CI - MUST be running successfully with test automation This is a requirement for ALL features. YES
      Release Technical Enablement Provide necessary release enablement details and documents. YES

      (Optional) Use Cases

      This Section:

      • Main success scenarios - high-level user stories
      • Alternate flow/scenarios - high-level user stories
      • ...

      Questions to answer…

      • ...

      Out of Scope

      Background, and strategic fit

      This Section: What does the person writing code, testing, documenting need to know? What context can be provided to frame this feature.

      Assumptions

      • Operator owners will provide adequate handling of these credentials

      Customer Considerations

      • Provides support for customers looking to use Azure security best practices and secure operations

      Documentation Considerations

      Questions to be addressed:

      • What educational or reference material (docs) is required to support this product feature? For users/admins? Other functions (security officers, etc)?
      • Does this feature have doc impact?
      • New Content, Updates to existing content, Release Note, or No Doc Impact
      • If unsure and no Technical Writer is available, please contact Content Strategy.
      • What concepts do customers need to understand to be successful in [action]?
      • How do we expect customers will use the feature? For what purpose(s)?
      • What reference material might a customer want/need to complete [action]?
      • Is there source material that can be used as reference for the Technical Writer in writing the content? If yes, please link if available.
      • What is the doc impact (New Content, Updates to existing content, or Release Note)?

      References

              mak.redhat.com Marcos Entenza Garcia
              julim Ju Lim
              Andrew Butcher, Derek Carr, Eric Fried, Jerome Boutaud, Ju Lim, Marcos Entenza Garcia, Mike Worthington, Patrick Dillon, Scott Dodson
              Andrew Butcher Andrew Butcher
              Andrew Butcher Andrew Butcher
              Votes:
              5 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: