No ability to create zones shared across tenants
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Designate |
Fix Released
|
Undecided
|
Erik Olof Gunnar Andersson | ||
OpenStack Designate Charm |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
We have provider networks and external networks shared across tenants. Additionally, regardless of networks or tenants, we might just have a few subdomains that a user in whatever tenant wants to put VMs on, depending on the use case - dev.example.com, infra.example.com, test.example.com - perhaps a developer VM in one subdomain, certain infra applications in another, testbeds in another
How do we do this?
In the documentation (which is severaly lacking): https:/
There doesnt appear to be a way to make it shared, as you can with a neutron network. In fact there appears to be a zone transfer API which implies a subdomain/zone is tied to a specific tenant.
This might be dealbreaker for using Designate.
Changed in designate: | |
assignee: | Igor Malinovskiy (imalinovskiy) → Erik Olof Gunnar Andersson (eandersson) |
Changed in designate: | |
assignee: | Erik Olof Gunnar Andersson (eandersson) → Igor Malinovskiy (imalinovskiy) |
Changed in designate: | |
assignee: | Igor Malinovskiy (imalinovskiy) → Erik Olof Gunnar Andersson (eandersson) |
Changed in designate: | |
assignee: | Erik Olof Gunnar Andersson (eandersson) → Igor Malinovskiy (imalinovskiy) |
Changed in designate: | |
assignee: | Igor Malinovskiy (imalinovskiy) → Nicolas Bock (nicolasbock) |
Changed in designate: | |
assignee: | Nicolas Bock (nicolasbock) → Igor Malinovskiy (imalinovskiy) |
Changed in designate: | |
assignee: | Igor Malinovskiy (imalinovskiy) → Erik Olof Gunnar Andersson (eandersson) |
Designate does not currently have an RBAC mechanism per zone.
We have talked about it, but we have not found a performant way of storing the data, and it has not been a priority for us.
We are open to suggestions, and designs / code for features though.
I am closing this, as it is not bug, but we can create a blueprint if we need to.