starlingx/docs
Code Issues Proposed changes

Node Management and Distributed cloud Guide updates

Browse Source 
Global Pass Upgrades

Added content from emails attached to ticket and sharepoint

Pacth 01: inputs from email by Greg

Patch 03: Created new section for subcloud group
          updated table 1 shared system configurations

Patch 04: corrected typos (Mary's comments)

Patch 05: solved merged conflict

patch 06: removed broken link

Story: TBD
Task: TBD



Signed-off-by: Adil <mohamed.adilassakkali@windriver.com>
Change-Id: I60b0a40a60a44d30429cd3a4dd8374c16345951a
This commit is contained in:
Adil
2021-05-26 14:59:08 -03:00
parent ef1c5ac068
commit ac4d8fea44
41 changed files with 235 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
doc/source/security/kubernetes/centralized-oidc-authentication-setup-for-distributed-cloud.rst
View File

@@ -17,7 +17,7 @@ Distributed Setup
-----------------
For a distributed setup, configure the **kube-apiserver**, and
**oidc-auth-apps** independently for each cloud, SystemController, and all
**oidc-auth-apps** independently for each cloud, System Controller, and all
subclouds. For more information, see:
@@ -53,21 +53,21 @@ Centralized Setup
-----------------
For a centralized setup, the **oidc-auth-apps** is configured '**only**' on
the SystemController. The **kube-apiserver** must be configured on all
clouds, SystemController, and all subclouds, to point to the centralized
**oidc-auth-apps** running on the SystemController. In the centralized
the System Controller. The **kube-apiserver** must be configured on all
clouds, System Controller, and all subclouds, to point to the centralized
**oidc-auth-apps** running on the System Controller. In the centralized
setup, a user logs in, authenticates, and gets an |OIDC| token from the
Central SystemController's |OIDC| identity provider, and uses the |OIDC| token
with '**any**' of the subclouds as well as the SystemController cloud.
Central System Controller's |OIDC| identity provider, and uses the |OIDC| token
with '**any**' of the subclouds as well as the System Controller cloud.
For a centralized |OIDC| authentication setup, use the following procedure:
.. rubric:: |proc|
#. Configure the **kube-apiserver** parameters on the SystemController and
#. Configure the **kube-apiserver** parameters on the System Controller and
each subcloud during bootstrapping, or by using the **system
service-parameter-add kubernetes kube\_apiserver** command after
bootstrapping the system, using the SystemController's floating OAM IP
bootstrapping the system, using the System Controller's floating OAM IP
address as the oidc\_issuer\_url for all clouds.
address as the oidc\_issuer\_url for all clouds.
@@ -89,7 +89,7 @@ For a centralized |OIDC| authentication setup, use the following procedure:
<configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system>`
#. On the SystemController only configure the **oidc-auth-apps**. For more information, see:
#. On the System Controller only configure the **oidc-auth-apps**. For more information, see:
:ref:`Configure OIDC Auth Applications <configure-oidc-auth-applications>`