Bug #117953 MySQL Operator is unable to use Instance Principal or OKE Workload Identity on OCI
Submitted: 12 Apr 16:24
Modified: 23 Apr 11:34
Reporter: Arnold Galovics
Status: Verified
Category: MySQL Operator
Severity: S4 (Feature request)
Version:
OS: Any
Assigned to:
CPU Architecture: Any

[12 Apr 16:24] Arnold Galovics
Description:
Based on the docs and the code as well, MySQL Operator for Kubernetes is only capable of using direct configuration when running and backing up to OCI.

I'm not sure how this was not implemented before, but if security is critical, you don't want to expose a direct configuration via environment variables to interact with OCI; rather, you want to use Instance Principal or OKE Workload Identity.

How to repeat:
See description.
[15 Apr 12:38] MySQL Verification Team
Hi,

Can you please define what you would like to change? We do accept feature requests for MySQL Operator, but I would appreciate it if you could define it fully.

Thanks.
[22 Apr 8:30] Arnold Galovics
I wanna be able to use the Operator with OCI Instance Principal authorization for accessing the Object Storage bucket for backups or OCI OKE Workload Identity:
- https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
- https://blogs.oracle.com/cloud-infrastructure/post/oke-workload-identity-greater-control-a...
[23 Apr 11:34] MySQL Verification Team
Thank you for the enhancement request.