-
Epic
-
Resolution: Done
-
Blocker
-
None
-
Azure Disk support for managed identities
-
BU Product Work
-
2
-
False
-
False
-
Green
-
To Do
-
OCPSTRAT-506 - ARO Managed Identity
-
OCPSTRAT-506ARO Managed Identity
-
0% To Do, 0% In Progress, 100% Done
-
Approved
Epic Overview
There is a general effort to support Azure Managed Identities in OCP.
- Enable customers to create and manage OpenShift clusters using managed identities for Azure resources (a.k.a. Managed Service Identity or MSI) for authentication.
- A customer using ARO wants to spin up an OpenShift cluster with "az aro create" without needing additional input, i.e. without the need for an AD account or service principal credentials, and the identity used is never visible to the customer and cannot appear in the cluster.
The epic tracks the work required in Azure Disk Operator to support Azure Managed Identities.
Requirements
- Add support to Azure Disk Operator for the Installation and Upgrade using both UPI and IPI methods with managed identities for Azure resources / Managed Service Identity (MSI).
- Support for HyperShift and non-HyperShift clusters.
- is blocked by
-
CCO-324 Update azure-disk-csi-driver-operator to consume Azure workload identity tokens
- Closed
- is related to
-
CCO-187 Azure Managed Identity (Workload Identity) Support
- Closed
-
CORS-1888 Support for Azure Managed Identities for new OpenShift deployments
- Closed
-
STOR-1144 Review cluster-storage-operator to consume Azure workload identity tokens
- Closed
- relates to
-
CCO-282 Azure OpenShift role granularity for Azure managed identity
- Release Pending