d8df9d0c36
With the new config option `keystone_auth_default_policy`, cloud admin can set a default keystone auth policy for k8s cluster when the keystone auth is enabled. As a result, user can use their current keystone user to access k8s cluster as long as they're assigned correct roles, and they will get the pre-defined permissions set by the cloud provider. The default policy now is based on the v2 format recently introduced in k8s-keystone-auth which is getting more useful now. For example, in v1 it doesn't support a policy for user to access resources from all namespaces but kube-system, but v2 can do that. NOTE: Now we're using openstackmagnum dockerhub repo until CPO team fixing their image release issue. Task: 30069 Story: 1755770 Change-Id: I2425e957bd99edc92482b6f11ca0b1f91fe59ff6 |
||
|---|---|---|
| .. | ||
| lib | ||
| plugin.sh | ||
| README.rst | ||
| settings | ||
DevStack Integration
This directory contains the files necessary to integrate magnum with devstack.
Refer the quickstart guide at http://docs.openstack.org/developer/magnum/dev/quickstart.html for more information on using devstack and magnum.
Running devstack with magnum for the first time may take a long time as it needs to download the Fedora Atomic qcow2 image (see http://www.projectatomic.io/download/).
To install magnum into devstack, add the following settings to enable the magnum plugin:
cat > /opt/stack/devstack/local.conf << END
[[local|localrc]]
enable_plugin heat https://github.com/openstack/heat master
enable_plugin magnum https://github.com/openstack/magnum master
ENDAdditionally, you might need additional Neutron configurations for your environment. Please refer to the devstack documentation1 for details.
Then run devstack normally:
cd /opt/stack/devstack
./stack.sh