Uploaded image for project: 'OpenShift Specialist Platform Team'
  1. OpenShift Specialist Platform Team
  2. SPLAT-950

[aws][cco] STS Implement procedure for migrating from a public s3 bucket OIDC to a private s3 bucket OIDC with CloudFront Distribution

    XMLWordPrintable

Details

    Description

      As an administrator of a cluster utilizing AWS STS with a public S3 bucket OIDC provider, I would like a documented procedure with steps that can be followed to migrate to a private S3 bucket with CloudFront Distribution so that I do not have to recreate my cluster.

      ccoctl documentation including parameter `--create-private-s3-bucket`: https://github.com/openshift/cloud-credential-operator/blob/a8ee8a426d38cca3f7339ecd0eac88f922b6d5a0/docs/ccoctl.md

      Existing manual procedure for configuring private S3 bucket with CloudFront Distribution: https://github.com/openshift/cloud-credential-operator/blob/master/docs/sts-private-bucket.md

      https://coreos.slack.com/archives/CE3ETN3J8/p1666174054230389?thread_ts=1665496599.847459&cid=CE3ETN3J8

      Goal:

      The participation on SPLAT will be:

       

      ACCEPTANCE CRITERIA

      • Document created on CCO repo, reviewed, approved by QE and merged
      • KCS/Article created

       

      REFERENCES:

      Supporting document: https://github.com/openshift/cloud-credential-operator/blob/master/docs/sts.md#steps-to-in-place-migrate-an-openshift-cluster-to-sts

      NOTE: we should add that this step is not supported or recommended.

       

      Attachments

        Issue Links

          clones

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. CCO-281 AWS STS Implement procedure for migrating from a public s3 bucket OIDC to a private s3 bucket OIDC with CloudFront Distribution

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • To Do
          is documented by

          Feature Request - Feature requests from customers and/or users RFE-2898 OCP on AWS with manual STS requires private S3 bucket to host OIDC endpoint

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Accepted
          links to

          GitHub openshift/cloud-credential-operator#515: SPLAT-950: doc/aws-sts : steps to migrate from public bucket to private issuer URL

          Activity

            People

              rhn-support-mrbraga Marco Braga
              abutcher@redhat.com Andrew Butcher
              Jianping Shu Jianping Shu
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 4 hours
                  2d 4h