You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be useful to add a small section on how to best validate that the token generated from 'get_keystone_token' works end to end.
Right now to test, we are plugging the token into a 'kubectl get nodes --token' command and checking the output. Is using it this way a good way to validate it works end to end?
Successfully getting a token from 'get_keystone_token' doesn't really confirm that the token works with the kubernetes cluster, right?
The text was updated successfully, but these errors were encountered:
Successfully getting a token from 'get_keystone_token' doesn't really confirm that the token works with the kubernetes cluster, right?
Correct. This just talks directly to Keystone and verifies that connectivity exists between the client machine and the Keystone machine. This is essentially what the plugin is doing for the user.
Right now to test, we are plugging the token into a 'kubectl get nodes --token' command and checking the output. Is using it this way a good way to validate it works end to end?
This takes the token from Keystone and sends it to the api server. It is then routed through the webhook for verification, which talks to the Keystone server. This verifies that the webhook is working properly and able to validate tokens.
Originally opened here: https://bugs.launchpad.net/charm-kubernetes-master/+bug/1814843
The text was updated successfully, but these errors were encountered: