Hi everyone,
a question about the mgmt-gateway and oauth2-proxy services, because we
want to incorporate one or both of them into our Ceph training course.
I understand that as of Tentacle, mgmt-gateway exists as an
administrative simplification for access to the Dashboard and the
orchestrated monitoring stack,[0] and that it has OpenID Connect (OIDC)
support via oauth2-proxy. The docs[1] assert that oauth2-proxy serves as
"an advanced method for managing authentication and access control for
Ceph applications".
We've also had OIDC support in radosgw since Octopus (I believe),
however it is tied to an implementation of a subset of STS[2],
configuration is rather non-trivial[3], and as far as I understand it is
presently not integrated with oauth2-proxy.
Now my question is: will oauth2-proxy eventually be integrated with
radosgw to replace and remove the STS dependency, or are the two OIDC
integrations expected to coexist in parallel?
Thanks!
Cheers,
Florian
[0] https://docs.ceph.com/en/latest/cephadm/services/mgmt-gateway/
[1] https://docs.ceph.com/en/latest/cephadm/services/oauth2-proxy/
[2] https://docs.ceph.com/en/latest/radosgw/oidc/
[3]
https://community.ibm.com/community/user/blogs/deepak-thorat/2024/03/20/ceph-isv-integration-using-open-id-connect
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
