Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add documentation for validating keystone authentication #471

Open
Cynerva opened this issue Sep 18, 2020 · 1 comment
Open

Add documentation for validating keystone authentication #471

Cynerva opened this issue Sep 18, 2020 · 1 comment
Labels
help wanted Issues seeking community contribution

Comments

@Cynerva
Copy link
Contributor

Cynerva commented Sep 18, 2020

Originally opened here: https://bugs.launchpad.net/charm-kubernetes-master/+bug/1814843

For our k8s keystone authentication validation, we are following this guide:
https://www.ubuntu.com/kubernetes/docs/ldap

It would be useful to add a small section on how to best validate that the token generated from 'get_keystone_token' works end to end.

Right now to test, we are plugging the token into a 'kubectl get nodes --token' command and checking the output. Is using it this way a good way to validate it works end to end?

Successfully getting a token from 'get_keystone_token' doesn't really confirm that the token works with the kubernetes cluster, right?

@hyperbolic2346
Copy link
Contributor

Successfully getting a token from 'get_keystone_token' doesn't really confirm that the token works with the kubernetes cluster, right?

Correct. This just talks directly to Keystone and verifies that connectivity exists between the client machine and the Keystone machine. This is essentially what the plugin is doing for the user.

Right now to test, we are plugging the token into a 'kubectl get nodes --token' command and checking the output. Is using it this way a good way to validate it works end to end?

This takes the token from Keystone and sends it to the api server. It is then routed through the webhook for verification, which talks to the Keystone server. This verifies that the webhook is working properly and able to validate tokens.

@evilnick evilnick added the help wanted Issues seeking community contribution label Oct 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Issues seeking community contribution
Development

No branches or pull requests

3 participants