Besides the webhook, how about a custom module (calling the Keystone API directly
from the custom module) for authorization?
(https://kubernetes.io/docs/admin/authorization/#custom-modules)

Webhook:
Pros: HTTP calling, loose coupling, more flexible configuration.
Cons: degraded performance, one more hop.

Custom module:
Pros: direct function call, better performance, fewer processes to maintain.
Cons: coupling, built-in module.

Best Regards
Chaoyi Huang (joehuang)
________________________________________
From: Morgan Fainberg [[email protected]]
Sent: 09 August 2017 12:26
To: OpenStack Development Mailing List (not for usage questions)
Cc: [email protected]
Subject: Re: [openstack-dev] [keystone][kubernetes] Webhook PoC for Keystone
based Authentication and Authorization for Kubernetes
I shall take a look at the webhooks and see if I can help on this front.
--Morgan
On Tue, Aug 8, 2017 at 6:34 PM, joehuang <[email protected]> wrote:
> Dims,
>
> Integration of keystone and kubernetes is very cool and in high demand. Thank
> you very much.
>
> Best Regards
> Chaoyi Huang (joehuang)
>
> ________________________________________
> From: Davanum Srinivas [[email protected]]
> Sent: 01 August 2017 18:03
> To: [email protected]; OpenStack Development Mailing
> List (not for usage questions)
> Subject: [openstack-dev] [keystone][kubernetes] Webhook PoC for Keystone
> based Authentication and Authorization for Kubernetes
>
> Team,
>
> Having waded through the last 4 attempts as seen in kubernetes PR(s)
> and Issues and talked to a few people on SIG-OpenStack slack channel,
> the consensus was that we should use the Webhook mechanism to
> integrate Keystone and Kubernetes.
>
> Here's the experiment: https://github.com/dims/k8s-keystone-auth
>
> Anyone interested in working on / helping with this? Do we want to
> create a repo somewhere official?
>
> Thanks,
> Dims
>
> --
> Davanum Srinivas :: https://twitter.com/dims
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [email protected]?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev