Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-993

Use Bound Service account tokens when generating image pull secrets

XMLWordPrintable

    • Strategic Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-890 No auto-generation of service account secrets
    • 0% To Do, 0% In Progress, 100% Done
    • 0
    • Program Call

      Feature Overview (aka. Goal Summary)

      Stop generating long-lived service account tokens. Long-lived service account tokens are currently generated in order to then create an image pull secret for the internal image registry. This feature calls for using the TokenRequest API to generate a bound service account token for use in the image pull secret.

      Goals (aka. expected user outcomes)

      Use TokenRequest API to create image pull secrets. 
      {}Performance benefits:

      One less secret created per service account. This will result in at least three less secrets generated per namespace.

      Security benefits:

      Long lived tokens which are no longer recommended as they present a possible security risk.

      Requirements (aka. Acceptance Criteria):

      A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.

      Questions to Answer (Optional):

      Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.

      Out of Scope

      High-level list of items that are out of scope. Initial completion during Refinement status.

      Background

      Provide any additional context is needed to frame the feature. Initial completion during Refinement status.

      Customer Considerations

      Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.

      Documentation Considerations

      Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.

      Interoperability Considerations

      Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.

              atelang@redhat.com Anjali Telang
              atelang@redhat.com Anjali Telang
              Andrea Hoffer Andrea Hoffer
              David Eads David Eads
              Luis Sanchez Luis Sanchez
              Anjali Telang Anjali Telang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: