Lack of information regarding what and how Red Hat/Microsoft SREs access ARO Clusters #115925

Closed
ricmmartins opened this issue Oct 12, 2023 · 6 comments

Comments

@ricmmartins
Contributor

There is a lack of information regarding the activities performed by SREs on ARO clusters and also how they perform them.

It would be nice to see in the ARO documentation something like what exists for ROSA regarding the SRE access and permissions on ROSA clusters: https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-sre-access.html

Things that would be interesting to know:

  • A list of activities that could be performed by SREs
  • How is the SRE access through the ARO RP?
  • Do they have read/write access?
  • How do they achieve elevated privileges?
  • Is there a just-in-time access security feature related?
  • Is SRE access tracked?
  • What are the security guardrails involved within the SRE access?
  • Are the SREs allowed to access customer workload namespaces and customer data?
  • What kind of RBAC permissions do the SREs have?
  • Are there different levels of access for SREs?
  • Is the customer informed when SRE is accessing the cluster? Is there any kind of approval process for that?
  • Can the SRE perform SSH connection against the Cluster nodes?

@AjayBathini-MSFT
Contributor

@ricmmartins
Thanks for your feedback! We will investigate and update as appropriate.

@SaibabaBalapur-MSFT
Contributor

@joharder
Can you please check and add your comments on this doc update request as applicable.

@SaibabaBalapur-MSFT
Contributor

@ricmmartins
Thanks for bringing this to our attention.
I'm going to assign this to the document author so they can take a look at it accordingly.

@joharder
Contributor

joharder commented Apr 4, 2024

#assign johnmarco

@johnmarco can we get an item created to look into this?

@joharder
Contributor

joharder commented Apr 4, 2024

#assign:johnmarco

@rayoef
Contributor

rayoef commented Jul 12, 2024

Thanks for your dedication to our documentation. Unfortunately, at this time we have been unable to review your issue in a timely manner, and we sincerely apologize for the delayed response. The requested updates have not been made since the creation of this issue. We've created an internal work item to incorporate your suggestions. We are closing this issue for now, but feel free to comment here as necessary.

#please-close
