Keystone K8s Authentication Operator

  • By Canonical Kubernetes
Channel Revision Published Runs on
latest/stable 12 04 Sep 2024
Ubuntu 22.04 Ubuntu 20.04
latest/edge 12 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
juju deploy keystone-k8s-auth --channel edge
Show information

Learn to deploy on juju >

Platform:

Ubuntu
22.04 20.04

Learn about configurations >

  • extra-args | string

    (Optional) Extra arguments to pass to the k8s-keystone-auth deployment. Argument string will be split by shlex rules For example: `juju config keystone-k8s-auth extra-args='--debug'`

  • image-registry | string

    Source registry of keystone auth images. By setting to a value, each image listed in the releases manifest has its image-registry replaced. If unset, the manifests will use the image registry from the kube-control relation example) juju config keystone-k8s-auth image-registry='rocks.canonical.com:443/cdk' juju config keystone-k8s-auth --reset image-registry

  • keystone-policy-configmap | string

    Default: [ { "users": { "projects": ["demo"], "roles": ["member"] }, "resource_permissions": { "*/pods": ["get", "list", "watch"] } } ]

    https://github.com/kubernetes/cloud-provider-openstack/blob/a59b8a28d23b1f265eb066e760b56d72ad29e91f/examples/webhook/keystone-policy-configmap.yaml This is used to configure the k8s-keystone-auth service. The ConfigMap will be created in the same namespace as the k8s-keystone-auth service.

  • keystone-ssl-ca | string

    (Optional) Keystone certificate authority encoded in base64 for securing communications to Keystone. If the CA cert provided via the certificates relation is not sufficient, this option can be used to provide a custom CA cert. The certificate should be in PEM format, encoded in base64 is optional. For example: `juju config keystone-k8s-auth keystone-ssl-ca=$(base64 /path/to/ca.crt)`

  • release | string

    Specify the version of keystone-k8s-auth as defined by the `release` tags of https://github.com/kubernetes/cloud-provider-openstack example) juju config keystone-k8s-auth release='v1.30.0' A list of supported versions is available through the action: juju run-action keystone-k8s-auth/leader list-releases --wait To reset by to the latest supported by the charm use: juju config keystone-k8s-auth --reset release The current release deployed is available by viewing juju status keystone-k8s-auth

  • replicas | int

    Default: 2

    Number of pod replicas to run for the k8s-keystone-auth service.