You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -52,11 +52,11 @@ It must be possible for the cluster administrator to specify they wish to authen
```
#### Story 2 - EKS Hub administrator must initialize a hub using aws-irsa authentication strategy only, using csr authentication strategy will throw an error
#### Story 2 - Hub administrator can initialize a hub using aws-irsa authentication strategy or CSR based authentication.
`clusteradm init` command must fail if the EKS hub admin tries to initialize the hub, using `csr` authentication or, by leaving it at its default setting.
`clusteradm init` command will be using `csr` authentication by default.
`clusteradm init` can check this by creating a dummy CSR (Certificate Signing Request), attempting to approve it, and checking if it succeeds or fails and finally deleting CSR. If client CSR authentication is not available for the hub cluster, the CSR will receive a "failed" condition.
The `clusteradm init`command can verify CSR (Certificate Signing Request) support by creating a dummy CSR, attempting to approve it, and checking the outcome. If client CSR authentication is unavailable for the hub cluster, the dummy CSR will receive a "failed" condition, and the administrator will receive a warning.
OCM hub will support following authentication strategies:
-**aws-irsa** (supported only when both hub and managed cluster are on EKS)
