Feature Request
Resolution: Done
Major
1. Proposed title of this feature request
Support for Azure Workload Identity Federation
2. What is the nature and description of the request?
In OpenShift Container Platform 4.11 we already provide workload identity federation functionality for GCP and AWS:
- Using manual mode with Amazon Web Services Secure Token Service: https://docs.openshift.com/container-platform/4.11/authentication/managing_cloud_provider_credentials/cco-mode-sts.html
- Using manual mode with GCP Workload Identity: https://docs.openshift.com/container-platform/4.11/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.html
This request is to support workload identity federation for Azure as well. The customer's use case is to allow Pods in OpenShift Container Platform running on Azure to obtain tokens for accessing external Azure resources. There is already work planned in the following JIRA:
3. Why does the customer need this? (List the business requirements here)
Long-lived tokens present a security risk, and it is best practice to use short-lived tokens to access external services. The customer would like to increase the security of their container platform.
4. List any affected packages or components.
Cloud Credentials Operator
- account is impacted by
  - RFE-2784 Allow the definition of jwks_uri using Authentication Operator (Rejected)
- impacts account
  - RFE-2784 Allow the definition of jwks_uri using Authentication Operator (Rejected)
  - OCPBUGS-979 Bring Your Own OIDC keys feature is not documented (ASSIGNED)
- relates to
  - OCPSTRAT-506 ARO Managed Identity (Closed)
  - OCPSTRAT-513 Azure managed identity with Azure AD workload identity for self-managed OpenShift (Closed)
  - OCPSTRAT-909 ARO Managed Identity Phase II (Closed)