Add ssl support for keystone token generation
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kubernetes Control Plane Charm |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
When kubernetes-
It seems like we want to check if OS_CACERT is set (in the novarc) and if so, pass it to the curl.
---
I can add support for it manually by:
* Changing the curl in the kube-keystone.sh file to something like this:
token=$(curl --cacert /home/ubuntu/
* scp root.pem to kubernetes-master host
* export the openstack variables
* then run the script
---
(I'm not sure if this bug falls under kubernetes-master or openstack-
| Kevin W Monroe (kwmonroe) wrote | #1 |
| Changed in charm-kubernetes-master: | |
| importance: | Undecided → Medium |
| milestone: | none → 1.23 |
| status: | New → Triaged |
| Joshua Genet (genet022) wrote | #2 |
| Changed in charm-kubernetes-master: | |
| milestone: | 1.23 → 1.24 |
| Changed in charm-kubernetes-master: | |
| milestone: | 1.24 → none |
Afaict, this would only affect users that want to generate an out-of-band token for authenticating with things like the k8s dashboard.
Normal cluster operations (workers registering with the control plane, kubeconfig files including proper keystone creds, etc) should work correctly today.
Targeting this for CK 1.23.