Outcome
Resolution: Unresolved
Feature Overview (aka. Goal Summary)
The following operators are considered high priority and are commonly used by customers with ROSA. To enhance UX and reduce management overhead, their AWS IAM policies are planned to be prepared and submitted to AWS for publication as AWS managed policies:
- ALB Operator (AWS Load Balancer Operator)
- Log Forwarding operator
- AWS EFS Operator
- OADP (OpenShift API for Data Protection) Operator
When each operator is installed in a cluster, a reliable ARN can be referenced when preparing the roles and policies the operator requires in order to function.
Each operator team will need to provide the most up-to-date version of its policy so that AWS can always publish the latest policy.
Requirements (aka. Acceptance Criteria):
- All child issues of this XCMSTRAT Outcome are complete.
- New clusters, as of a TBD version or date, would be able to use the policies
- Existing customers should not be affected, but could use the policies as well
- Documentation provides details about all of the above to allow customers to make an informed decision as to how to use the policy and when to use which policy and what restrictions exist.
- All clients of ROSA would be functional with this change (Terraform, ROSA CLI, UI)
Questions to Answer (Optional):
Out of Scope
High-level list of items that are out of scope. Initial completion during Refinement status.
Background
Provide any additional context needed to frame the feature. Initial completion during Refinement status.
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
Documentation Considerations
Documentation will need to be updated to indicate what the defaults are, how these policies are used, and why the operator needs the permissions.
Issue links
- clones: XCMSTRAT-307 Classic Policies - Adapt control plane policy (New)
- is caused by: RFE-3432 [RFE] 03352278 | ROSA - AWS Asset Vulnerability with IAM policy for ManagedOpenShift-Installer-Role-Policy (Backlog)
- is depended on by: XCMSTRAT-6 ROSA Security (New)
- relates to: XCMSTRAT-56 SD day2-operator STS enablement (New)