On Thu, Sep 25, 2014 at 6:02 AM, Clint Byrum <cl...@fewbar.com> wrote:
> However, this does make me think that Keystone domains should be exposable > to services inside your cloud for use as SSO. It would be quite handy > if the keystone users used for the VMs that host Kubernetes could use > the same credentials to manage the containers. > I was exactly thinking about the same and looking at the code here : https://github.com/GoogleCloudPlatform/kubernetes/blob/master/pkg/client/request.go#L263 it seems to use some basic HTTP auth which should be enough with the REMOTE_USER/apache feature of keystone : http://docs.openstack.org/developer/keystone/external-auth.html#using-httpd-authentication but if we want to have proper full integration with OpenStack we would probably at some point want to teach modularity and a keystone plugin to give to k8 Chmouel
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
