One of the most important tasks in integrating Kubernetes and OpenStack is to provide a single mechanism for identifying users with OpenStack Keystone.
This talk will present the community's latest developments that allow Keystone to be used as a native identity provider for Kubernetes.
The presentation will begin with a review of the authentication capabilities on both the server and client sides. Particular attention will be paid to auth data synchronization between the two systems. For example, when a user belongs to a project in Keystone, the first time that user tries to authenticate in Kubernetes, a new namespace corresponding to the project in Keystone will be automatically created for them, along with all related role bindings for the RBAC module.
At the end, a demo will be shown explaining what features are available and how to use them properly.
The main purpose of the presentation is to give theoretical and practical knowledge about how the identity integration works and what options are available at the moment.
After the presentation, attendees will be able to:
- set up a kubectl plugin to authenticate in Keystone on the client side;
- enable Keystone authentication in Kubernetes on the server side;
- configure auth data synchronization between Keystone and Kubernetes.