[RFE] Enable LDAP-Keystone auth on Windows (and MacOS)

Bug #1841728 reported by Pedro Guimarães
Affects: Kubernetes Control Plane Charm
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Looking into how we use keystone-ldap integration on k8s, I can see that we have two possible ways:

1) Follow docs on ubuntu:
https://ubuntu.com/kubernetes/docs/ldap
That means we need to run the following script to authenticate: https://github.com/charmed-kubernetes/charm-kubernetes-master/blob/d8131689d34be98370205ca1dcfe6222da9487ff/templates/kube-keystone.sh

2) client-keystone-auth snap:
https://github.com/kubernetes/cloud-provider-openstack/blob/master/cmd/client-keystone-auth/main.go

Both are fine for Ubuntu or main Linux distributions, maybe even MacOS with shell script (although the latter I've never tried).
However, that does not port easily to Windows.
The issue is that LDAP auth will happen on the customer's client machine, which can be anything.

My suggestion is to move those separate scripts to one single source, using only Python.
That way, .kube/config may run it with "python my_pip_installed_auth_script" from any system.

Tim Van Steenburgh (tvansteenburgh) wrote:

We have no Windows support for this. To do this on Windows, you'd need to:

1. download Windows binary for kubectl
2. compile Windows binary for client-keystone-auth
3. port kube-keystone.sh to something that works on Windows (PowerShell?)

We have no immediate plans to do any of this.

My suggestion would be for these client commands to be run in a Multipass VM or WSL shell on the Windows workstation.

Changed in charm-kubernetes-master:
status: New → Triaged
importance: Undecided → Wishlist
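
The single Python credential helper proposed in the bug description could look like the following. This is an added example, not code from the charm, kube-keystone.sh or client-keystone-auth; the function names are hypothetical, and it assumes the standard OS_* OpenStack environment variables, an OS_AUTH_URL ending in /v3, and the v1beta1 ExecCredential format.

```python
"""Added sketch (not project code): Keystone token helper for a kubeconfig exec entry."""
import getpass
import json
import os
import sys
import urllib.request


def build_auth_request(user, password, user_domain, project, project_domain):
    """Keystone v3 password-auth body, scoped to a project."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": user, "domain": {"name": user_domain}, "password": password}}},
        "scope": {"project": {"name": project, "domain": {"name": project_domain}}},
    }}


def fetch_token(auth_url, body, timeout=10):
    """POST to <auth_url>/auth/tokens; Keystone returns the token in a header."""
    if not auth_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    req = urllib.request.Request(
        auth_url.rstrip("/") + "/auth/tokens",  # assumes auth_url ends in /v3
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.headers["X-Subject-Token"]


def exec_credential(token):
    """Wrap the token in the ExecCredential JSON that kubectl reads from stdout."""
    return json.dumps({"apiVersion": "client.authentication.k8s.io/v1beta1",
                       "kind": "ExecCredential", "status": {"token": token}})


def main():
    env = os.environ
    # Password comes from the environment or an interactive prompt, never argv,
    # so it does not show up in process listings or shell history.
    password = env.get("OS_PASSWORD") or getpass.getpass("Keystone password: ", stream=sys.stderr)
    body = build_auth_request(env["OS_USERNAME"], password, env.get("OS_USER_DOMAIN_NAME", "Default"),
                              env["OS_PROJECT_NAME"], env.get("OS_PROJECT_DOMAIN_NAME", "Default"))
    print(exec_credential(fetch_token(env["OS_AUTH_URL"], body)))


if __name__ == "__main__":
    main()
```

Only the ExecCredential JSON goes to stdout; the prompt is sent to stderr so it cannot corrupt what kubectl parses.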