Subject: Re: [Trove] State of the Trove service tenant deployment model

Darek Król dkrol3 at gmail.com
Wed Jan 23 06:34:48 UTC 2019


On Wed, Jan 23, 2019 at 9:27 AM Fox, Kevin M
<Kevin.Fox at pnnl.gov> wrote:

> > I'd recommend at this point to maybe just run kubernetes across the vms and push the guest agents/workload to them.

> This sounds like an overkill to me. Currently, different projects in openstack are solving this issue in different ways, e.g. Octavia is using two-way SSL authentication API between the controller service and amphora (which is the vm running HTTP server inside), Magnum is using heat-container-agent that is communicating with Heat via API, etc. However, Trove chooses another option which has brought a lot of discussions over a long time.

> In the current situation, I don't think it's doable for each project heading to one common solution, but Trove can learn from other projects to solve its own problem.
> Cheers,
> Lingxian Kong

The Octavia way of communication was discussed by Trove several times
in the context of security. However, the security threat has been
eliminated by encryption.
I'm wondering if the Octavia way prevents DDOS attacks also?

Implementation of two-way SSL authentication API could be included in
the Trove priority list IMHO if it solves all issues with
security/DDOS attacks. This could also create some shared code between
both projects and help other services as well.

Best,
Darek


