Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-956

Enable Break Glass access Mechanism for Cloud Services (ROSA as MVP)


    • False
    • Hide


    • False
    • XCMSTRAT-365ROSA must support external OIDC token issuers
    • 0% To Do, 0% In Progress, 100% Done
    • M
    • 1
    • 0
    • 0
    • Program Call
    • Proposed

      Feature Overview (aka. Goal Summary)

      Enable a "Break Glass Mechanism" in ROSA (Red Hat OpenShift Service on AWS) and other OpenShift cloud-services in the future (e.g., ARO and OSD) to provide customers with an alternative method of cluster access via short-lived certificate-based kubeconfig when the primary IDP (Identity Provider) is unavailable.

      Goals (aka. expected user outcomes)

      • Enhance cluster reliability and operational flexibility.
      • Minimize downtime due to IDP unavailability or misconfiguration.
      • The primary personas here are OpenShift Cloud Services Admins and SREs as part of the shared responsibility.
      • This will be an addition to the existing ROSA IDP capabilities.

      Requirements (aka. Acceptance Criteria)

      • Enable the generation of short-lived client certificates for emergency cluster access.
      • Ensure certificates are secure and conform to industry standards.
      • Functionality to invalidate short-lived certificates in case of an exploit.

      Better UX

      • User Interface within OCM to facilitate the process.
      • SHOULD have audit capabilities.
      • Minimal latency when generating and using certificates (to reduce time without access to cluster).

       Use Cases (Optional)

      • A customer's IDP is down, but they successfully use the break-glass feature to gain cluster access.
      • SREs use their own break-glass feature to perform critical operations on a customer's cluster.

      Questions to Answer (Optional)

      • What is the lifetime of generated certificates? 7 days life and 1 day rotation?
      • What security measures are in place for certificate generation and storage?
      • What are the audit requirements?

      Out of Scope

      • Replacement of primary IDP functionality.
      • Use of break-glass mechanism for routine operations (i.e., this is emergency/contingency mechanism)

       Customer Considerations

      • The feature is not a replacement for the primary IDP.
      • Customers must understand the security implications of using short-lived certificates.

      Documentation Considerations

      • How-to guides for using the break-glass mechanism.
      • FAQs addressing common concerns and troubleshooting.
      • Update existing ROSA IDP documentation to include this new feature.

      Interoperability Considerations

      • Compatibility with existing ROSA, OSD (OpenShift Dedicated), and ARO (Azure Red Hat OpenShift) features.
      • Interoperability tests should include scenarios where both IDP and break-glass mechanism are engaged simultaneously for access.

            azaalouk Adel Zaalouk
            azaalouk Adel Zaalouk
            David Eads, Derek Carr, Seth Jennings
            Jie Zhao Jie Zhao
            Aedin Collins Aedin Collins
            Derek Carr Derek Carr
            Dave Mulford Dave Mulford
            0 Vote for this issue
            9 Start watching this issue