Uploaded image for project: 'Container / Cluster Management (XCM) Strategy'
  1. Container / Cluster Management (XCM) Strategy
  2. XCMSTRAT-580

[UI Portion] External OIDC Configuration via OCM in HCP



    • False
    • Hide


    • False
    • Not Selected
    • XCMSTRAT-365ROSA must support external OIDC token issuers
    • 25
    • 25% 25%
    • 1
    • 0


      Feature Overview (aka. Goal Summary)

      A customer can configure OIDC providers to support the current capability: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens and the future capability: https://github.com/kubernetes/kubernetes/blob/2b5d2cf910fd376a42ba9de5e4b52a53b58f9397/staging/src/k8s.io/apiserver/pkg/apis/apiserver/types.go#L164 with a mechanism that 

      1. allows fixing mistakes
      2. makes cluster recovery possible in cases where the external token issuer is permanently gone
      3. allow (might not require, not sure yet) removal of the existing oauth server
      4. provides mechanism to grant the first users (maybe groups) cluster-admin permission (rbac clusterrolebinding?)

      Given likely re-use, it might be useful to allow configuration of not-commonly changing information distinct from commonly changing.  For instance, most kube cluster should have unique audiences, but the issuer-url and username-claim is probably the same for all clusters.

      Goals (aka. expected user outcomes)

      The observable functionality that the user now has as a result of receiving this feature. Include the anticipated primary user type/persona and which existing features, if any, will be expanded. Complete during New status.

      Requirements (aka. Acceptance Criteria):

      A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.

      Questions to Answer (Optional):

      Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.

      Out of Scope

      High-level list of items that are out of scope. Initial completion during Refinement status.


      Provide any additional context is needed to frame the feature. Initial completion during Refinement status.

      Customer Considerations

      Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.

      Documentation Considerations

      Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.

      Interoperability Considerations

      Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.


        Issue Links



              rhn-engineering-abhgupta Abhishek Gupta
              deads@redhat.com David Eads
              Jayakrishnan Mekkattillam Jayakrishnan Mekkattillam
              Stephanie Stout Stephanie Stout
              0 Vote for this issue
              9 Start watching this issue