-
Feature
-
Resolution: Done
-
Critical
-
None
-
BU Product Work
-
False
-
-
False
-
20% To Do, 0% In Progress, 80% Done
-
L
-
1
-
0
-
Program Call
-
Proposed
Feature Overview (aka. Goal Summary)
A guest cluster can use an external OIDC token issuer. This will allow machine-to-machine authentication workflows
Goals (aka. expected user outcomes)
A guest cluster can configure OIDC providers to support the current capability: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens and the future capability: https://github.com/kubernetes/kubernetes/blob/2b5d2cf910fd376a42ba9de5e4b52a53b58f9397/staging/src/k8s.io/apiserver/pkg/apis/apiserver/types.go#L164 with an API that
- allows fixing mistakes
- alerts the owner of the configuration that it's likely that there is a misconfiguration (self-service)
- makes distinction between product failure (expressed configuration not applied) from configuration failure (the expressed configuration was wrong), easy to determine
- makes cluster recovery possible in cases where the external token issuer is permanently gone
- allow (might not require) removal of the existing oauth server
Requirements (aka. Acceptance Criteria):
A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.
Questions to Answer (Optional):
Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.
Out of Scope
High-level list of items that are out of scope. Initial completion during Refinement status.
Background
Provide any additional context is needed to frame the feature. Initial completion during Refinement status.
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.
Interoperability Considerations
Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.
- relates to
-
OCPBUGS-30028 [Documents] Document "FailedDiscoveryCheck" apiservice issue is expected and can be avoided by ensuring external OIDC is configured at the time when the HostedCluster is created instead of configured after it is created
- Closed
-
OCPSTRAT-987 Hosted Control Planes is seamlessly integrated as a backend for ARO
- In Progress
- links to