On Thu, Sep 25, 2014 at 6:02 AM, Clint Byrum <clint at fewbar.com> wrote: > However, this does make me think that Keystone domains should be exposable > to services inside your cloud for use as SSO. It would be quite handy > if the keystone users used for the VMs that host Kubernetes could use > the same credentials to manage the containers. > I was exactly thinking about the same and looking at the code here : https://github.com/GoogleCloudPlatform/kubernetes/blob/master/pkg/client/request.go#L263 it seems to use some basic HTTP auth which should be enough with the REMOTE_USER/apache feature of keystone : http://docs.openstack.org/developer/keystone/external-auth.html#using-httpd-authentication but if we want to have proper full integration with OpenStack we would probably at some point want to teach modularity and a keystone plugin to give to k8 Chmouel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140925/e734f78d/attachment.html>