  1. OpenShift Storage
  2. STOR-2107

Azure Service Principal Support with Mounted Credentials


    • Get Azure credentials using Azure SDK's generic NewDefaultAzureCredential function
    • Strategic Product Work
    • False
    • None
    • False
    • Yellow
    • To Do
    • OCPSTRAT-979 - Integrate Azure Workload Identities and Managed Service Identity (MSI) for Operators (control plane/data plane) - Part I
    • 14% To Do, 43% In Progress, 43% Done

      Epic Goal

      The Cluster Storage Operator can authenticate with a Service Principal backed by a certificate stored in an Azure Key Vault. The Secrets CSI driver will be used to mount the certificate as a volume on the image registry deployment in a hosted control plane.

      Why is this important?

      • This is needed to enable authentication with a Service Principal with backing certificates for ARO HCP.

      Acceptance Criteria

      • Cluster Storage Operator is able to authenticate with Azure in ARO HCP using a Service Principal with a backing certificate.
      • Updated documentation
      • ARO HCP CI coverage

      Dependencies (internal and external)

      Azure SDK

      Previous Work (Optional):

      STOR-1697

      Open questions:

      Which degree of coverage should run on AKS e2e vs. on existing e2es?

      Done Checklist

      CI - Existing CI is running, tests are automated and merged.
      CI - AKS CI is running, tests are automated and merged.
      DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      DEV - Downstream build attached to advisory: <link to errata>
      QE - Test plans in Polarion: <link or reference to Polarion>
      QE - Automated tests merged: <link or reference to automated tests>
      DOC - Downstream documentation merged: <link to meaningful PR>

              rh-ee-brcox Bryan Cox
              asegurap1@redhat.com Antoni Segura Puimedon
              Hemant Kumar, Jan Safranek
              Bryan Cox
              Penghao Wang
              Jerome Boutaud