Magnum as a CA
To support secure communication between Magnum and Kubernetes, Magnum must be able to issue certificates. For that magnum-api should be run as a CA and each system should trust Magnum.
Blueprint information
- Status:
- Complete
- Approver:
- Adrian Otto
- Priority:
- Medium
- Drafter:
- Madhuri Kumari
- Direction:
- Approved
- Assignee:
- yuanying
- Definition:
- Approved
- Series goal:
- Accepted for liberty
- Implementation:
-
Implemented
- Milestone target:
-
liberty-3
- Started by
- yuanying
- Completed by
- yuanying
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add tool to generate SSL certificates in Magnum.
Addressed by: https:/
[WIP] Add a tool to manage x509 objects
Addressed by: https:/
Add CertManager to store CA and client certificate
Gerrit topic: https:/
Addressed by: https:/
Add cert_uuid attributes to Bay
Addressed by: https:/
[WIP] Generate certs while creating bay
Addressed by: https:/
[WIP] Delete certs while deleting bay
Addressed by: https:/
Enable barbican in devstack
Addressed by: https:/
Set project_id and user_id from context directly
Addressed by: https:/
[WIP] Add Certificate controller for TLS support.
Gerrit topic: https:/
Addressed by: https:/
Change bay.*_cert_uuid to bay.*_cert_ref
Addressed by: https:/
Fix keystone client usage in barbican client
Addressed by: https:/
Move magnum specific cert_manager to objects
Work Items
Dependency tree
* Blueprints in grey have been implemented.
