<div dir="ltr"><div>Hi All,<br>
<br>
Magnum as a CA mainly aims at how certificates and keys for both client(magnum-conductor)<br>
and server(kube-apiserver) will be generated and who will be the CA.<br>
<br>
Blueprint Link: <a href="https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca">https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca</a><br>
<br>
Currently we have 3 options to generate certificates.<br>
<br>
<b>1. Write our own tool.</b><br>
In this approach, we will have our own tool to generate certificate signed by CA.<br>
A review has been submitted for it:<br>
<a href="https://review.openstack.org/#/c/199493/">https://review.openstack.org/#/c/199493/</a><br>
<br>
<br>
<b>2. Using Anchor.</b><br>
Anchor is an stackforge project that automates the verification of CSRs and signs certificates for clients.<br>
<a href="https://mail.nectechnologies.in/owa/redir.aspx?C=WbmDv-KJVUmq2sEu4MFC0e-k5uFujdIIs7jarFb-BEGxx7iEgSFPZtTZ41n6FXvt-LMt_E0Efho.&URL=https%3a%2f%2fgithub.com%2fstackforge%2fanchor" target="_blank">https://github.com/stackforge/anchor</a><br>
<br>
Anchor can be used to generate signed certificate.<br>
<br>
<b>3. Using Barbican.<br>
</b>Barbican can also be used for generating certificate signed by some CA plugins.<br>
<a href="https://mail.nectechnologies.in/owa/redir.aspx?C=WbmDv-KJVUmq2sEu4MFC0e-k5uFujdIIs7jarFb-BEGxx7iEgSFPZtTZ41n6FXvt-LMt_E0Efho.&URL=http%3a%2f%2fdocs.openstack.org%2fdeveloper%2fbarbican%2fplugin%2fcertificate.html" target="_blank">http://docs.openstack.org/developer/barbican/plugin/certificate.html</a><br>
<br>
Moreover it can also be used to store certificates securely.<br>
<br>
Folks, please provide your views on which is the most suitable option for adding TLS support in Magnum.<br>
<br></div>Also, we will have a meeting on <b>#openstack-containers</b> at <b>23:30 UTC</b> to discuss the same. Request Barbican and Anchor developers also to join.<br><div>
<br>
<br>
<font face="Arial" color="000000" size="2">Regards<br>
Madhur<font color="000000">i</font><br></font></div></div>