Support Keystone authentication for k8s

Registered by hongbin on 2016-05-04

K8s already supports Keystone authenication [1]. Magnum should have an option to configure the k8s bay for using Keystone. As an initial step, I would suggest to add support for this option via labels. For example, '--labels k8s-authentication=keystone'. Later, if swarm and mesos supports Keystone as well, we might bring the option to baymodel as an attribute (instead of labels).

[1] http://kubernetes.io/docs/admin/authentication/

References:
https://github.com/kubernetes/kubernetes/pull/25624
https://github.com/kubernetes/kubernetes.github.io/pull/544

Blueprint information

Status:
Started
Approver:
hongbin
Priority:
Low
Drafter:
hongbin
Direction:
Approved
Assignee:
Feilong Wang
Definition:
Approved
Series goal:
Accepted for rocky
Implementation:
Needs Code Review
Milestone target:
None
Started by
Feilong Wang on 2018-05-25

Related branches

Sprints

Whiteboard

--
strigazi @ Sun Mar 25 16:42:01 UTC 2018

We can use the openstack kubernetes cloud provider:
https://github.com/kubernetes/cloud-provider-openstack

By mistake, this work is also followed here:
https://bugs.launchpad.net/magnum/+bug/1755770

--
Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-for-k8s-bay,n,z

Addressed by: https://review.openstack.org/326924
    WIP: Enable keystone authentication for k8s bay

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-for-k8s,n,z

Addressed by: https://review.openstack.org/561783
    Enable Keystone AuthN and AuthZ

Gerrit topic: https://review.openstack.org/#q,topic:bug/1755770,n,z

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.