Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-891

No token generation for "Deployer" serviceaccount when capability is disabled.

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-890 No auto-generation of service account secrets
    • 0% To Do, 0% In Progress, 100% Done
    • 0
    • 0
    • Program Call

      Feature Overview (aka. Goal Summary)

      Customer needs to be able to turn off the 'deployer' service account created by openshift by default and not create related SA tokens. This service account cannot be deleted and there is no way to automate project creation to disable their role bindings because a controller manages them. 

       This undermines multi-tenant values of openshift as this is giving a project (and the users in that project who have secret access), permissions that we do not want them to have.

      Goals (aka. expected user outcomes)

      No auto-generation of SA for Deployer SAs especially if the DeploymentConfig capability is not enabled. 

      Requirements (aka. Acceptance Criteria):

      A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.

      Questions to Answer (Optional):

      Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.

      Out of Scope

      High-level list of items that are out of scope. Initial completion during Refinement status.

      Background

      Provide any additional context is needed to frame the feature. Initial completion during Refinement status.

      Customer Considerations

      Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.

      Documentation Considerations

      Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.

      Interoperability Considerations

      Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.

            gausingh@redhat.com Gaurav Singh
            atelang@redhat.com Anjali Telang
            Wei Sun Wei Sun
            Andrea Hoffer Andrea Hoffer
            Eric Rich Eric Rich
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: