Remove content referring to keystone authentication (#8603)

Closes: #7411
Qiming 2018-05-20 12:23:51 +08:00 committed by k8s-ci-robot
parent eb420cf183
commit 61860ea79e
2 changed files with 0 additions and 27 deletions

@ -108,10 +108,6 @@ kube-apiserver
--experimental-encryption-provider-config string 包含加密提供程序的配置的文件该加密提供程序被用于在etcd中保存密钥。
--experimental-keystone-ca-file string 如果设置该值将会使用experimental-keystone-ca-file中的一个authority对Keystone服务的证书进行验证否则将会使用主机的根CA进行验证。
--experimental-keystone-url string 如果设置了该值将启用keystone认证插件。
--external-hostname string 为此master生成外部URL时使用的主机名(例如Swagger API文档)。
--feature-gates mapStringBool 一个描述alpha/experimental特性开关的键值对列表。 选项包括:
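
Review bot: The entries for `--experimental-keystone-ca-file` and `--experimental-keystone-url` are dropped here from the Chinese-language kube-apiserver flag list only, and nothing visible in this change shows the English flag reference being updated. Please confirm the English reference no longer lists these two flags, so the translations do not disagree about whether a Keystone authenticator can be enabled on the API server.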

@ -536,29 +536,6 @@ checked.
* `--requestheader-allowed-names` Optional. List of common names (cn). If set, a valid client certificate with a Common Name (cn) in the specified list must be presented before the request headers are checked for user names. If empty, any Common Name is allowed.
### Keystone Password
Keystone authentication is enabled by passing the `--experimental-keystone-url=<AuthURL>`
option to the API server during startup. The plugin is implemented in
`plugin/pkg/auth/authenticator/password/keystone/keystone.go` and currently uses
basic auth to verify user by username and password.
If you have configured self-signed certificates for the Keystone server,
you may need to set the `--experimental-keystone-ca-file=SOMEFILE` option when
starting the Kubernetes API server. If you set the option, the Keystone
server's certificate is verified by one of the authorities in the
`experimental-keystone-ca-file`. Otherwise, the certificate is verified by
the host's root Certificate Authority.
For details on how to use keystone to manage projects and users, refer to the
[Keystone documentation](http://docs.openstack.org/developer/keystone/). Please
note that this plugin is still experimental, under active development, and likely
to change in subsequent releases.
Please refer to the [discussion](https://github.com/kubernetes/kubernetes/pull/11798#issuecomment-129655212),
[blueprint](https://github.com/kubernetes/kubernetes/issues/11626) and [proposed
changes](https://github.com/kubernetes/kubernetes/pull/25536) for more details.
## Anonymous requests
When enabled, requests that are not rejected by other configured authentication methods are
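
Review bot: Deleting the whole `### Keystone Password` section leaves the authentication page with no statement that the plugin is gone, so an operator who still starts the API server with `--experimental-keystone-url=<AuthURL>` finds nothing explaining why the option is no longer documented. Consider keeping a one-line notice that names the release in which the plugin was removed and the supported replacement, and search the docs for links to the `#keystone-password` anchor, since any such link stops resolving once this heading is removed. The removed text also described the certificate check controlled by `--experimental-keystone-ca-file`; if clusters on older releases still depend on it, a pointer to the versioned docs would cover them.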