diff --git a/content/cn/docs/admin/kube-apiserver.md b/content/cn/docs/admin/kube-apiserver.md index 7200eb73a2..d1009c71ab 100644 --- a/content/cn/docs/admin/kube-apiserver.md +++ b/content/cn/docs/admin/kube-apiserver.md @@ -108,10 +108,6 @@ kube-apiserver --experimental-encryption-provider-config string 包含加密提供程序的配置的文件,该加密提供程序被用于在etcd中保存密钥。 - --experimental-keystone-ca-file string 如果设置该值,将会使用experimental-keystone-ca-file中的一个authority对Keystone服务的证书进行验证,否则将会使用主机的根CA进行验证。 - - --experimental-keystone-url string 如果设置了该值,将启用keystone认证插件。 - --external-hostname string 为此master生成外部URL时使用的主机名(例如Swagger API文档)。 --feature-gates mapStringBool 一个描述alpha/experimental特性开关的键值对列表。 选项包括: diff --git a/content/en/docs/admin/authentication.md b/content/en/docs/admin/authentication.md index 8a9bdc61e6..56a026baec 100644 --- a/content/en/docs/admin/authentication.md +++ b/content/en/docs/admin/authentication.md @@ -536,29 +536,6 @@ checked. * `--requestheader-allowed-names` Optional. List of common names (cn). If set, a valid client certificate with a Common Name (cn) in the specified list must be presented before the request headers are checked for user names. If empty, any Common Name is allowed. -### Keystone Password - -Keystone authentication is enabled by passing the `--experimental-keystone-url=` -option to the API server during startup. The plugin is implemented in -`plugin/pkg/auth/authenticator/password/keystone/keystone.go` and currently uses -basic auth to verify user by username and password. - -If you have configured self-signed certificates for the Keystone server, -you may need to set the `--experimental-keystone-ca-file=SOMEFILE` option when -starting the Kubernetes API server. If you set the option, the Keystone -server's certificate is verified by one of the authorities in the -`experimental-keystone-ca-file`. Otherwise, the certificate is verified by -the host's root Certificate Authority. - -For details on how to use keystone to manage projects and users, refer to the -[Keystone documentation](http://docs.openstack.org/developer/keystone/). Please -note that this plugin is still experimental, under active development, and likely -to change in subsequent releases. - -Please refer to the [discussion](https://github.com/kubernetes/kubernetes/pull/11798#issuecomment-129655212), -[blueprint](https://github.com/kubernetes/kubernetes/issues/11626) and [proposed -changes](https://github.com/kubernetes/kubernetes/pull/25536) for more details. - ## Anonymous requests When enabled, requests that are not rejected by other configured authentication methods are