Event Details

Please note: All times listed below are in Central Time Zone

Identity integration between OpenStack and Kubernetes

One of the most important tasks of the integration of Kubernetes and OpenStack is to provide a single mechanism for identifying users with OpenStack Keystone.

This talk will present the latest developments of the community allowing Keystone to be used as a native identity provider for Kubernetes.

The presentation will begin with a review of the authentication capabilities on both server and client sides. Particular attention will be paid to auth data synchronization between the two systems. For example, when a user belongs to a project in Keystone, the first time he tries to authenticate in Kubernetes, a new namespace, corresponding to the project in Keystone, will be automatically created for him, along with all related role bindings for the RBAC module.

At the end, a demo will be shown explaining what features are available and how to use them properly.


What can I expect to learn?

The main purpose of the presentation is to give theoretical and practical knowledge about how the identity integration works and what options are available at the moment.

After the presentation attendees will be able:

  • to setup a kubectl plugin to authenticate in Keystone on the client side;
  • to enable Keystone authentication in Kubernetes on the server side;
  • to configure auth data synchronization between Keystone and Kubernetes.
Thursday, November 15, 5:10pm-5:50pm (4:10pm - 4:50pm UTC)
Difficulty Level: Intermediate
Red Hat, Senior Software Engineer
Mike Fedosin is a full-time upstream OpenStack developer with more than 10 years of experience in Software Development in enterprise, scientific and open-source projects. He has the title of Ph.D. in the development of cloud service architectures. At the moment, Mike works as a deployment engineer and involved in such OpenStack projects as TripleO and Mistral, but his main job is to integrate... FULL PROFILE