d8df9d0c36
With the new config option `keystone_auth_default_policy`, cloud admin can set a default keystone auth policy for k8s cluster when the keystone auth is enabled. As a result, user can use their current keystone user to access k8s cluster as long as they're assigned correct roles, and they will get the pre-defined permissions set by the cloud provider. The default policy now is based on the v2 format recently introduced in k8s-keystone-auth which is getting more useful now. For example, in v1 it doesn't support a policy for user to access resources from all namespaces but kube-system, but v2 can do that. NOTE: Now we're using openstackmagnum dockerhub repo until CPO team fixing their image release issue. Task: 30069 Story: 1755770 Change-Id: I2425e957bd99edc92482b6f11ca0b1f91fe59ff6
10 lines
397 B
YAML
10 lines
397 B
YAML
---
|
|
issues:
|
|
- |
|
|
With the new config option keystone_auth_default_policy, cloud admin
|
|
can set a default keystone auth policy for k8s cluster when the
|
|
keystone auth is enabled. As a result, user can use their current
|
|
keystone user to access k8s cluster as long as they're assigned
|
|
correct roles, and they will get the pre-defined permissions
|
|
defined by the cloud provider.
|