Feature Overview

The following OLM-managed operators are deemed critical and shall be enabled for the standardized Azure Identity configuration flow (OCPBU-560):

• OADP
• Cluster Logging

Goals

Unblock critical functionality on ARO with a streamlined, repeatable user experience to ease adoption of the service.

Requirements:

• based on OCPBU-560, the following operators will be enabled to support the standard configuration flow for Azure Identity tokens:
  • OADP
  • Cluster Logging
• the operators core logic and metadata will be adapted to enable the flow on the command line and the Console

Background

In interaction with ARO customers these operators often come up as foundational to successful adoption of the platform. Having a streamlined process around installing these with integration into Azure Identity will enable security-conscious customers to adopt the platform faster.

Customer Considerations

Customers will have the expectation to use the ccoctl tool to carry out IAM changes in conjunction with ARO.  If we are not able to meet it, this needs to be clearly documented and the alternative described in detail.

Documentation Considerations

Every one of these operators needs to clearly outline with IAM permissions are required and provide easy to follow steps to create them. This information should be visible from the operators description (part of the OLM metadata) as well as reside in the components official product documentation.