RETIRED, Function as a Service for OpenStack
Go to file
Hunt Xu 76d01bb325 Allow qinling to connect to k8s API with certificates
By now, qinling connects to the Kubernetes API server insecurely.
kubectl proxy is used for testing purpose. However, in real production
deployments, it is not a good idea to let qinling connect to the
Kubernetes API server without any authentication and authorization.

This commit adds the support in qinling for it to connect to the
Kubernetes API server with X509 Client Certs for authentication [1].
An example file is also added for users to grant specific access to the
Kubernetes API for qinling using the RBAC authorization of
Kubernetes [2]. With these users can control qinling's access to the
Kubernetes API [3] and ensure qinling uses a secure connection to talk
with the Kubernetes API.

Devstack plugin also setups qinling to connect to Kubernetes API server
using TLS certificates by default. This makes the deployment with
devstack closer to a production-ready environment. For testing purpose,
user can set the QINLING_K8S_APISERVER_TLS variable to False in
devstack's local.conf.

Note: a HOTWO document will be added in a follow-up commit.

[1] https://kubernetes.io/docs/admin/authentication/#x509-client-certs
[2] https://kubernetes.io/docs/admin/authorization/rbac/
[3] https://kubernetes.io/docs/admin/accessing-the-api/

Change-Id: I532f131abbfc8ed90de398cc135e9b8248d2757a
2018-04-11 17:26:20 +08:00
devstack Allow qinling to connect to k8s API with certificates 2018-04-11 17:26:20 +08:00
doc Add specs folder for Qinling 2018-03-22 21:22:16 +00:00
etc Add administrative operations for some resources 2018-01-18 14:45:11 +13:00
example Allow qinling to connect to k8s API with certificates 2018-04-11 17:26:20 +08:00
playbooks zuul: create Neutron config dir for the devstack job 2018-03-20 14:28:12 +08:00
qinling Allow qinling to connect to k8s API with certificates 2018-04-11 17:26:20 +08:00
qinling_tempest_plugin Allow qinling to connect to k8s API with certificates 2018-04-11 17:26:20 +08:00
releasenotes Fix releasenotes job is failure 2017-12-04 12:41:21 +08:00
runtimes Add Node.js runtime support 2018-03-09 11:18:18 +13:00
tools Allow qinling to connect to k8s API with certificates 2018-04-11 17:26:20 +08:00
.coveragerc Exclude tests and db migrations from coverage report 2018-03-21 14:25:27 +08:00
.gitignore tests: replace .testr.conf with .stestr.conf 2017-10-10 18:03:00 +08:00
.gitreview Make api service work 2017-04-14 15:17:05 +12:00
.mailmap Make api service work 2017-04-14 15:17:05 +12:00
.stestr.conf tests: replace .testr.conf with .stestr.conf 2017-10-10 18:03:00 +08:00
.zuul.yaml add lower-constraints job 2018-03-22 18:36:23 -04:00
CONTRIBUTING.rst doc: use storyboard link in CONTRIBUTING 2018-02-28 10:26:18 +08:00
HACKING.rst Update and replace http with https for doc links in qinling 2017-08-13 19:28:54 -07:00
LICENSE Initial commit for qinling project 2017-04-11 15:13:10 +12:00
README.rst Update qinling doc location to docs.openstack.org 2018-03-02 20:21:18 +08:00
babel.cfg Initial commit for qinling project 2017-04-11 15:13:10 +12:00
lower-constraints.txt add lower-constraints job 2018-03-22 18:36:23 -04:00
requirements.txt Updated from global requirements 2018-03-26 08:27:02 +00:00
setup.cfg Update home-page url 2018-02-25 23:49:16 +08:00
setup.py Use uWSGI for python runtime 2018-03-01 17:52:54 +13:00
test-requirements.txt Updated from global requirements 2018-03-22 10:09:36 +00:00
tox.ini add lower-constraints job 2018-03-22 18:36:23 -04:00

README.rst

Qinling

Note

Qinling (is pronounced "tʃinliŋ") refers to Qinling Mountains in southern Shaanxi Province in China. The mountains provide a natural boundary between North and South China and support a huge variety of plant and wildlife, some of which is found nowhere else on Earth.

Qinling is Function as a Service for OpenStack. This project aims to provide a platform to support serverless functions (like AWS Lambda). Qinling supports different container orchestration platforms (Kubernetes/Swarm, etc.) and different function package storage backends (local/Swift/S3) by nature using plugin mechanism.