Feature
Resolution: Unresolved
rhos-18.0.10 FR 3
33% To Do, 0% In Progress, 67% Done
Red Hat OpenStack Services on OpenShift (formerly Red Hat OpenStack Platform)
Release Note Not Required
Feature Overview
Deliver images allowing tenant-level access to telemetry data.
Goals
- Images for access control proxies are imported downstream and are shipped with RHOSO.
  - aetos-proxy
- Images are verified as being available in a disconnected environment.
Requirements
| Requirement | Notes | isMVP? |
|---|---|---|
| aetos-proxy image is imported and built for production delivery | yes | |
| Proxy images are shipped within the RHOSO product (openstack-operator) | yes | |
| Images are available and work within a disconnected environment deployment | yes | |
Done - Acceptance Criteria
The production chain is set up for the import of the proxy images, and the images are able to ship within the openstack-operator.
Use Cases - i.e. User Experience & Workflow:
The eventual use case will be to update any RHOSO services that need to access telemetry data to do so through an interface that can provide tenancy. Currently these services access Prometheus directly, which provides no RBAC interfaces.
The proxy needs to be implemented, and services updated to use those routes instead, in order to provide access control to telemetry data on an as-needed basis (only expose the data that is required by the service).
Being able to limit data by tenant instead of administrator-level access (unless specifically configured) will provide a better security story.
Out of Scope
- Implementation of Aetos within the services themselves. (Only the availability of the images is expected in this Feature.)
Documentation Considerations
No documentation interfaces are expected as part of this delivery.
Questions to Answer
- Is it possible to import a net-new image into the RHOSO 18 production chain if it needs building on Python 3.10?
- Is it possible to ship the Aetos proxy images on a base image that utilizes an earlier version of Python as used by Antelope (py 3.9)?
- Based on comments at https://issues.redhat.com/browse/OSPRH-17500?focusedId=28217873&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-28217873 it seems there has been some testing to build for Antelope. More investigation required to confirm.
Background and Strategic Fit
No extra background information expected to be required.
Customer Considerations
No customer considerations are expected for this Feature. The interface should be transparent to customers and there is no expected administrator-facing configuration.
Risks
- Aetos is a net-new project that targets Flamingo, which uses py3.10, therefore there is a risk with how we will import and productize this in RHOSO 18 (Antelope). RHOSO 19 is expected to target an OpenStack release after Flamingo.
- is depended on by RHOSSTRAT-625 Implement multi-tenancy telemetry control
- Refinement