Magnum as a CA

Registered by Madhuri Kumari on 2015-06-26

To support secure communication between Magnum and Kubernetes, Magnum must be able to issue certificates. For that, magnum-api should run as a CA, and each system should trust Magnum.

Blueprint information

Status: Complete
Approver: Adrian Otto
Priority: Medium
Drafter: Madhuri Kumari
Direction: Approved
Assignee: yuanying
Definition: Approved
Series goal: Accepted for liberty
Implementation: Implemented
Milestone target: liberty-3
Started by: yuanying on 2015-09-11
Completed by: yuanying on 2015-09-11

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/magnum-as-a-ca,n,z

Addressed by: https://review.openstack.org/199493
    Add tool to generate SSL certificates in Magnum.

Addressed by: https://review.openstack.org/212321
    [WIP] Add a tool to manage x509 objects

Addressed by: https://review.openstack.org/212395
    Add CertManager to store CA and client certificate

Gerrit topic: https://review.openstack.org/#q,topic:bp/secure-kubernetes,n,z

Addressed by: https://review.openstack.org/214450
    Add cert_uuid attributes to Bay

Addressed by: https://review.openstack.org/214480
    [WIP] Generate certs while creating bay

Addressed by: https://review.openstack.org/215379
    [WIP] Delete certs while deleting bay

Addressed by: https://review.openstack.org/215502
    Enable barbican in devstack

Addressed by: https://review.openstack.org/216132
    Set project_id and user_id from context directly

Addressed by: https://review.openstack.org/214179
    [WIP] Add Certificate controller for TLS support.

Gerrit topic: https://review.openstack.org/#q,topic:bug/1489707,n,z

Addressed by: https://review.openstack.org/218086
    Change bay.*_cert_uuid to bay.*_cert_ref

Addressed by: https://review.openstack.org/219579
    Fix keystone client usage in barbican client

Addressed by: https://review.openstack.org/222062
    Move magnum specific cert_manager to objects
