  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-290

Azure Workload Identity (Merged into OCPBU-8)


    • Feature
    • Resolution: Duplicate
    • Critical

      Feature Overview

      • Azure Workload Identity is Azure's pod identity v2 approach for connecting to Azure workloads from on-cluster and is an alternative to first party service credentials.
      • It is similar to the STS webhook from AWS.

      Goals

      • As an administrator, I want to deploy OpenShift 4 and run Operators on Azure using access controls (IAM roles) with temporary, limited privilege credentials.
      • Using workload identity federation allows the Administrator to access Azure Active Directory (Azure AD) protected resources without needing to manage secrets (for supported scenarios). 

      Requirements

      • Add support to CCO for the Installation and Upgrade using both UPI and IPI methods with Azure Workload Identity Federation.
      • Support the use of Operators with Azure Workload Identity Federation.
      • This Section: A list of specific needs or objectives that a Feature must deliver to satisfy the Feature. Some requirements will be flagged as MVP. If an MVP gets shifted, the feature shifts. If a non-MVP requirement slips, it does not shift the feature.

      Requirement | Notes | isMvp?
      CI - MUST be running successfully with test automation | This is a requirement for ALL features. | YES
      Release Technical Enablement | Provide necessary release enablement details and documents. | YES

      (Optional) Use Cases

      This Section:

      • Main success scenarios - high-level user stories
      • Alternate flow/scenarios - high-level user stories
      • ...

      Questions to answer…

      • ...

      Out of Scope

      Background, and strategic fit

      This Section: What does the person writing code, testing, documenting need to know? What context can be provided to frame this feature.

      Assumptions

      • Operator owners will provide adequate handling of these credentials

      Customer Considerations

      • Provides support for customers looking to use Azure security best practices and secure operations

      Documentation Considerations

      Questions to be addressed:

      • What educational or reference material (docs) is required to support this product feature? For users/admins? Other functions (security officers, etc)?
      • Does this feature have doc impact?
      • New Content, Updates to existing content, Release Note, or No Doc Impact
      • If unsure and no Technical Writer is available, please contact Content Strategy.
      • What concepts do customers need to understand to be successful in [action]?
      • How do we expect customers will use the feature? For what purpose(s)?
      • What reference material might a customer want/need to complete [action]?
      • Is there source material that can be used as reference for the Technical Writer in writing the content? If yes, please link if available.
      • What is the doc impact (New Content, Updates to existing content, or Release Note)?

      References

            mak.redhat.com Marcos Entenza Garcia
            julim Ju Lim
            Andrew Butcher, Derek Carr, Eric Fried, Jerome Boutaud, Ju Lim, Marcos Entenza Garcia, Mike Worthington, Patrick Dillon, Scott Dodson
            Andrew Butcher Andrew Butcher
            Andrew Butcher Andrew Butcher