Joe, If you see the code in the git repo, you will see that we do use "Authorizer interface", so it is possible use the same code as a custom module. Guess you are thinking about a downstream kubernetes distro.
Thanks, Dims On Wed, Aug 9, 2017 at 1:21 AM, joehuang <joehu...@huawei.com> wrote: > Except webhook, how about custom module(call keystone API directly from > custom module) for authorization? ( > https://kubernetes.io/docs/admin/authorization/#custom-modules ) > > Webhook: > Pros.: http calling, loose coupling, more flexible configuration. > Cons.: Degraded performance, one more hop > custom module: > Pros.: direct function call, better performance, less process to > maintain. > Cons.: coupling, built-in module. > > Best Regards > Chaoyi Huang (joehuang) > > ________________________________________ > From: Morgan Fainberg [morgan.fainb...@gmail.com] > Sent: 09 August 2017 12:26 > To: OpenStack Development Mailing List (not for usage questions) > Cc: kubernetes-sig-openst...@googlegroups.com > Subject: Re: [openstack-dev] [keystone][kubernetes] Webhook PoC for Keystone > based Authentication and Authorization for Kubernetes > > I shall take a look at the webhooks and see if I can help on this front. > > --Morgan > > On Tue, Aug 8, 2017 at 6:34 PM, joehuang <joehu...@huawei.com> wrote: >> Dims, >> >> Integration of keystone and kubernetes is very cool and in high demand. >> Thank you very much. >> >> Best Regards >> Chaoyi Huang (joehuang) >> >> ________________________________________ >> From: Davanum Srinivas [dava...@gmail.com] >> Sent: 01 August 2017 18:03 >> To: kubernetes-sig-openst...@googlegroups.com; OpenStack Development Mailing >> List (not for usage questions) >> Subject: [openstack-dev] [keystone][kubernetes] Webhook PoC for Keystone >> based Authentication and Authorization for Kubernetes >> >> Team, >> >> Having waded through the last 4 attempts as seen in kubernetes PR(s) >> and Issues and talked to a few people on SIG-OpenStack slack channel, >> the consensus was that we should use the Webhook mechanism to >> integrate Keystone and Kubernetes. >> >> Here's the experiment : https://github.com/dims/k8s-keystone-auth >> >> Anyone interested in working on / helping with this? Do we want to >> create a repo somewhere official? >> >> Thanks, >> Dims >> >> -- >> Davanum Srinivas :: https://twitter.com/dims >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: https://twitter.com/dims __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev