Details
-
Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
0
-
0%
Description
Hi Team,
I realised that the ARO Service Principal is such a critical service account for customers' ARO Clusters. But we found many cases that its contributor role to the RG has been removed by customers (maybe their security team or Azure admin team which may be different from ARO cluster owners).
We could have incidents (wildcard certs expiration) due to the ARO SP could not renew them automatically, so I am wondering if we can add some monitoring to ensure the ARO SP is functioning as expected.
If not, we may send a service log to the cluster admin to reach out to their Azure admin team.
Kind regards,
Tao