
Re: Multi Clusters : Token management



David,

Thanks for the info.

It looks like a big problem from a management or client experience perspective. I have seen that most clients are using a single cluster, but what if a client has multiple clusters but the client base is common? Authentication, authorization, and API endpoints are all different or need to be managed independently of each other.

Is this the current solution, or can we change anything for a better client experience in multi-cluster environments?


-- 
Srinivas Kotaru

From: David Eads <deads redhat com>
Date: Friday, February 19, 2016 at 4:56 AM
To: skotaru <skotaru cisco com>
Cc: "users lists openshift redhat com" <users lists openshift redhat com>
Subject: Re: Multi Clusters : Token management

We don't have any native support for an API server to use an alternate authority to validate bearer tokens.

Currently each master (API server) will validate a bearer token against its own list of valid tokens stored in etcd.  I'm not philosophically opposed to changes that would allow validation against an external authority (probably using a `remotemaster.Authenticator` to start), but that has repercussions on how other things like user management would be handled in a federated sort of environment.  Complications like that prevent us from simply wiring it together and seeing what happens.

On Thu, Feb 18, 2016 at 5:32 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote:
Guys, any ideas for this specific problem?


-- 
Srinivas Kotaru

From: skotaru <skotaru cisco com>
Date: Wednesday, February 17, 2016 at 12:35 PM
To: "users lists openshift redhat com" <users lists openshift redhat com>
Subject: Multi Clusters : Token management

Hi

Need your expert advice and comments.

We’re going with a multi-cluster installation, i.e., a separate cluster installation per data center. With this approach, we might end up with 8+ clusters.

Each cluster has its own API and token life cycle. I was trying to explore whether there is a better way to manage a single token valid across all these clusters. We don’t want our clients to deal with separate token management while connecting to and dealing with each cluster's apps.

Thinking of something similar to OpenStack's common Keystone central token management.

Any better ideas? Any comments or experience with dealing with multi-cluster management seamlessly?


-- 
Srinivas Kotaru

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


