Commit 104493c4 authored by Alberto Colla's avatar Alberto Colla

2019-01-30 Colla: bugfixes

parent 4f657e88
......@@ -30,5 +30,6 @@ publish: lint
OUTPUT=`charm push . cs:~$(USER)/$(NAME)`
echo $$OUTPUT
REV=`echo $$OUTPUT | sed 's/.*$(NAME)-\([0-9]*\).*/\1/'`
echo $$REV
charm release cs:~$(USER)/$(NAME)-$(REV) --channel stable
charm grant cs:~$(USER)/$(NAME)-$(REV) everyone --channel stable
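Review bot: The `charm release` and `charm grant` lines of the publish recipe use `$(REV)`, which make expands before the shell runs, while the revision is captured in the shell variable `REV` (echoed as `$$REV` one line earlier). Unless a make variable named REV is defined outside this hunk, both commands receive `cs:~$(USER)/$(NAME)-` with no revision; they should reference `$$REV` instead. The recipe lines also need to share one shell (trailing `; \` or `.ONESHELL`, which this rendering may have dropped) for `$$OUTPUT` and `$$REV` to carry over. Because the last line grants read access to `everyone` on the stable channel, a guard such as `[ -n "$$REV" ] || exit 1` before the release would keep a failed or unparsed push from releasing or exposing an unintended revision. The recipe starts outside the hunk.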
......@@ -84,6 +84,7 @@ def setup_authentication():
k8s_keystone_auth_url = hookenv.config('k8s-keystone-auth-url')
hookenv.log('Downloading %s' % k8s_keystone_auth_url)
handler.download(k8s_keystone_auth_url, k8s_keystone_auth_path)
check_call(['chmod', '+x', k8s_keystone_auth_path])
check_call(['chmod', '+x', k8s_keystone_auth_start])
......@@ -108,11 +109,20 @@ def setup_authentication():
def setup_authentication_server():
''' Start k8s_keystone_auth '''
check_call(['chmod', '+x', k8s_keystone_auth_path])
check_call(['chmod', '+x', k8s_keystone_auth_start])
hookenv.status_set('maintenance', 'Starting authentication server.')
command = ['systemctl', 'enable', 'k8s-keystone-auth']
check_call(command)
command = ['systemctl', 'restart', 'k8s-keystone-auth.service']
check_call(command)
set_state('authentication.server')
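Review bot: In the setup_authentication hunk, the file fetched from the `k8s-keystone-auth-url` config value is marked executable immediately after `handler.download(...)` with no integrity check. Whoever controls that URL, or the transport if it is plain HTTP, decides which binary ends up serving authentication for the cluster. I would verify a pinned digest before the chmod, for example `check_hash(k8s_keystone_auth_path, expected_sha256, 'sha256')` from charmhelpers.core.host if it is available here, with `expected_sha256` coming from a new charm config option (name to be chosen). Separately, the two `chmod +x` calls now appear in both setup_authentication and setup_authentication_server; one place, ideally `os.chmod(path, 0o755)` rather than a subprocess, would be enough. Both function bodies extend outside the visible hunks.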
......
......@@ -12,6 +12,6 @@ KUBE_CONFIG=/home/ubuntu/config
$K8S_KEYSTONE_AUTH --tls-cert-file $APISERVER_CERT \
--tls-private-key-file $APISERVER_KEY \
--keystone-url $KEYSTONE_URL \
--keystone-policy-file $KEYSTONE_POLICY \
# --keystone-policy-file $KEYSTONE_POLICY \
--sync-config-file $SYNC_CONFIG \
--kubeconfig $KUBE_CONFIG
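Review bot: The `# --keystone-policy-file $KEYSTONE_POLICY \` line sits inside a backslash-continued command, and if it is the new side (as the print order suggests) the shell ends the command at the `#`. A comment runs to the end of the line and its trailing backslash does not continue it, so `--sync-config-file $SYNC_CONFIG \` and `--kubeconfig $KUBE_CONFIG` are then parsed as a separate command and never reach `$K8S_KEYSTONE_AUTH`. Delete the option line outright, or move the comment above the `$K8S_KEYSTONE_AUTH` line, so the remaining flags stay attached. Dropping `--keystone-policy-file` also means the webhook no longer loads the authorization policy from this file; if that is intended, the commit message should say where the policy comes from instead. Quoting the expansions (`"$KEYSTONE_URL"`, `"$KUBE_CONFIG"`, and so on) would also guard against values containing spaces.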
## The Kubernetes cluster can only be accessed by the users in kubernetes project,
## users with k8s-admin or k8s-user role have both write and read permissions
## to the pod resource, but users with k8s-admin role can also assign roles
## to others.
[
{
"resource": {
......
// N.B. Hash is not allowed for comments in json files
// The Kubernetes cluster can only be accessed by the users in kubernetes project,
// users with k8s-admin or k8s-user role have both write and read permissions
// to the pod resource, but users with k8s-admin role can also assign roles
// to others
[
{
"resource": {
"verbs": ["get", "list", "watch", "create", "update", "delete"],
"resources": ["pods"],
"version": "*",
"namespace": "default"
},
"match": [
{
"type": "role",
"values": ["k8s-admin", "k8s-user"]
},
{
"type": "project",
"values": ["{{ kubernetes_project }}"]
}
]
},
{
"resource": {
"verbs": ["bind"],
"resources": ["clusterroles"],
"resourceNames": ["admin", "edit", "view"],
"version": "*",
"namespace": "default"
},
"match": [
{
"type": "role",
"values": ["k8s-admin"]
},
{
"type": "project",
"values": ["{{ kubernetes_project }}"]
}
]
}
]
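Review bot: The `//` lines at the top of this policy file are no more valid in JSON than the `##` lines they replace, since JSON has no comment syntax at all. A strict parser will reject the document at its first line unless something strips those lines before the file is consumed, which is not visible here. If the policy fails to load, the role and project restrictions below are not the ones in effect. The description would be safer in the charm's README, or in a template comment that the renderer removes (`{# ... #}` if this is a Jinja2 template, which the `{{ kubernetes_project }}` placeholders suggest but do not confirm).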