docs/doc/source/dist_cloud/kubernetes/shared-configurations.rst
Ron Stone ab2c5331c8 Apply dir convention to DC
Moved all DC content under a kubernetes directory. This is needed
to allow title versioning distinctions in partner builds.

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Ia7ab4fccc7cb9ed6c242cf584f237165f00e5ef2
(cherry picked from commit 10805c3e8f)

Move files into 'kubernetes' subdir

Needed for compatibility with downstream builds per master 10805c3

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: I4a15a09217584795274887837318113deabf1f9d
Signed-off-by: Ron Stone <ronald.stone@windriver.com>
2021-09-03 17:19:18 +00:00


Shared Configurations

Shared configurations are system settings or services managed by the System Controller and synchronized across all subclouds.

Synchronizations can be delayed slightly, depending on network traffic conditions and the amount of information to be synchronized.

synchronizes configuration for selected attributes of system-wide configurations (see Table 1) and synchronizes configuration for resources of the Keystone Identity Service (see Table 2).

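Table 1. Shared System Configurations

+----------------------+----------------------------------------------------------+
| Shared Configuration | Remarks                                                  |
+======================+==========================================================+
| DNS IP addresses     | Subclouds use the DNS servers specified at the System    |
|                      | Controller.                                              |
+----------------------+----------------------------------------------------------+
| sysadmin Password    | The sysadmin password may take up to 10 minutes to sync  |
|                      | with the controller. The sysadmin password is not        |
|                      | modified via the system command. It is modified using    |
|                      | the regular Linux passwd command.                        |
+----------------------+----------------------------------------------------------+
| Certificates         | Subclouds use the Trusted certificates installed on the  |
|                      | System Controller using the                              |
|                      | system certificate-install -m ssl_ca command.            |
+----------------------+----------------------------------------------------------+
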
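Table 2. Shared Platform Keystone Resource Configurations

+---------------+--------------------------+----------------------------------------------------+
| Local Service | Shared Configuration     | Remarks                                            |
+===============+==========================+====================================================+
| Keystone      | Users                    | To facilitate Single Sign-On across the entire ,   |
|               |                          | and to enable centralized User Management, the     |
|               | Roles                    | Platform's Keystone's platform authentication      |
|               |                          | identity resources are synced to the subclouds. If |
|               | Projects                 | a new user, project, role or assignment, or        |
|               |                          | changes to these resources are detected on the     |
|               | Project Role Assignments | System Controller via Audit, they are              |
|               |                          | automatically synced to the subclouds. If a        |
|               | Passwords                | subcloud is inaccessible or unmanaged at that      |
|               |                          | time, then these resources and changes will be     |
|               | Token revocation events  | queued and synchronized once the subcloud becomes  |
|               |                          | available.                                         |
|               |                          |                                                    |
|               |                          | The specific Keystone resources synchronized are:  |
|               |                          | users, roles, projects, project roles,             |
|               |                          | assignments, passwords and token revocation        |
|               |                          | events.                                            |
+---------------+--------------------------+----------------------------------------------------+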
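
The queueing behaviour described in the Table 2 remarks means a subcloud can hold Keystone resources that differ from the System Controller, and a user removed centrally remains usable on a subcloud until the change arrives. The following Python is an added example, not code from this project; the inventory layout, the function names and the sample data are assumptions constructed for illustration.

```python
# Added example with constructed data; every name here is hypothetical.
# Inventories are plain name lists per resource type, exported from each
# region's Keystone by whatever tooling the operator already uses.
# Passwords and token revocation events are also synced but cannot be
# compared by name, so they are left out of this check.
SYNCED_TYPES = ("users", "roles", "projects", "assignments")

def keystone_drift(controller, subcloud):
    """Per resource type, list what the subcloud lacks or still holds."""
    report = {}
    for rtype in SYNCED_TYPES:
        want = set(controller.get(rtype, ()))
        have = set(subcloud.get(rtype, ()))
        missing = sorted(want - have)  # created centrally, not yet synced
        stale = sorted(have - want)    # removed centrally, still usable here
        if missing or stale:
            report[rtype] = {"missing": missing, "stale": stale}
    return report

def audit(controller, subclouds):
    """Classify drift: 'queued' is expected for an unmanaged or offline
    subcloud; drift on a managed, online one needs investigation."""
    findings = {}
    for name, sc in subclouds.items():
        drift = keystone_drift(controller, sc["inventory"])
        if drift:
            queued = not (sc["managed"] and sc["online"])
            findings[name] = {"status": "queued" if queued else "investigate",
                              "drift": drift}
    return findings

# Constructed sample: "bob" was deleted on the System Controller.
CONTROLLER = {"users": ["admin", "alice"], "roles": ["admin", "member"],
              "projects": ["admin", "services"],
              "assignments": [("alice", "services", "member")]}
SUBCLOUDS = {
    "subcloud1": {"managed": True, "online": True, "inventory": CONTROLLER},
    "subcloud2": {"managed": True, "online": True,
                  "inventory": dict(CONTROLLER, users=["admin", "alice", "bob"])},
    "subcloud3": {"managed": False, "online": True,
                  "inventory": dict(CONTROLLER, users=["admin"], assignments=[])},
}

if __name__ == "__main__":
    for name, finding in audit(CONTROLLER, SUBCLOUDS).items():
        print(name, finding["status"], finding["drift"])
```

Because synchronization can be delayed slightly, a stale entry on a managed, reachable subcloud is the case to escalate only when it persists across repeated runs.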