Thanks for info
It looks like a big problem from management or client experience perceptive . Have seen most of the clients are using a single cluster but what about if a client has multiple clusters but client base is common? Authentication, authorization, API end points all are different or need to be managed independent to each other.
This is what current solution or can we change anything for better client experience in multi cluster environments ?
From: David Eads <deads redhat com>
Date: Friday, February 19, 2016 at 4:56 AM
To: skotaru <skotaru cisco com>
Cc: "users lists openshift redhat com" <users lists openshift redhat com>
Subject: Re: Multi Clusters : Token management
We don't have any native support for an API server to use an alternate authority to validate bearer tokens.
Currently each master (API server) will validate a bearer token against its own list of valid tokens stored in etcd. I'm not philosophically opposed to changes that would allow validation against an external authority (probably using a `remotemaster.Authenticator` to start), but that has repercussions on how other things like user management would be handled in a federated sort of environment. Complications like that prevent us from simply wiring it together and seeing what happens.
On Thu, Feb 18, 2016 at 5:32 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote: