Hi, Tom 2015年6月16日(火) 3:00 Tom Cammann <tom.camm...@hp.com>:
> > At the summit we talked about using Magnum as a CA and signing the > certificates, and we seemed to have some consensus about doing this with > the > possibility of using Anchor. This would take a lot of the onus off of > the user to > fiddle around with openssl and craft the right signed certs safely. Using > Magnum as a CA the user would generate a key/cert pair, and then get the > cert signed by Magnum, and the kube node would do the same. The main > downside of this technique is that the user MUST trust Magnum and the > administrator as they would have access to the CA signing cert. > I'm not sure about Anchor. You mean, Anchor can be used for implementation of Magnum as a CA. Right? Thanks -yuanying
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev