-
Epic
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
Get Azure credentials using Azure SDK's generic NewDefaultAzureCredential function
-
Strategic Product Work
-
False
-
None
-
False
-
Yellow
-
To Do
-
OCPSTRAT-979 - Integrate Azure Workload Identities and Managed Service Identity (MSI) for Operators (control plane/data plane) - Part I
-
OCPSTRAT-979Integrate Azure Workload Identities and Managed Service Identity (MSI) for Operators (control plane/data plane) - Part I
-
14% To Do, 43% In Progress, 43% Done
Epic Goal
The Cluster Storage Operator can authenticate with Service Principal backed by a certificate stored in an Azure Key Vault. The Secrets CSI driver will be used to mount the certificate as a volume on the image registry deployment in a hosted control plane.
Why is this important?
- This is needed to enable authentication with Service Principal with backing certificates for ARO HCP.
Acceptance Criteria
- Cluster Storage Operator is able to authenticate with Azure in ARO HCP using Service Principal with a backing certificate.
- Updated documentation
- ARO HCP CI coverage
Dependencies (internal and external)
Azure SDK
Previous Work (Optional):
Open questions:
Which degree of coverage should run on AKS e2e vs on existing e2es
Done Checklist
CI - Existing CI is running, tests are automated and merged.
CI - AKS CI is running, tests are automated and merged.
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Downstream documentation merged: <link to meaningful PR>
- clones
-
NE-1840 Azure Service Principal Support with Mounted Credentials
- Dev Complete
- is blocked by
-
OCPBUGS-44627 OpenShift Components on HCP Cannot Authenticate with Client Certificate
- ON_QA
- is cloned by
-
SDN-5372 Azure Service Principal Support with Mounted Credentials
- Dev Complete