Presentation is loading. Please wait.

Presentation is loading. Please wait.

Open Infrastructure: Integrating OpenStack and Kubernetes

Published byBettina Becke Modified over 5 years ago

Similar presentations

Presentation on theme: "Open Infrastructure: Integrating OpenStack and Kubernetes"— Presentation transcript:

1 Open Infrastructure: Integrating OpenStack and Kubernetes
Giuseppe Attardi Department CSD, GARR TNC19 Tallinn 18/6/2019

2 GARR Federated Cloud OpenStack IaaS Deployment as a Service (Juju)
WorkPlace OnlyOffice Collaboration Suite Document editing, project management Kubernetes Bare metal cluster (MaaS) Package deployment (Helm) Now the challenge is: let the one thousand GARR Cloud users, and the future ones, access both Cloud and Container platform using the same personal account. As an additional complication, we enabled Federated authentication on GARR Cloud: users authenticate with their institutional Identity providers (members of IDEM/EduGain) or OIDC. We deprecate basic authentication via keystone username and password, which would have made things easier. Nevertheless, we kept on with the idea to use Keystone as the external identity provider for Kubernetes, leveraging the mechanism of Webhook authentication. What we present here is a joint work between GARR and SWITCH within GEANT project GN4-2, carried on mainly by Roberto di Lallo at GARR and Saverio Proto at Switch. Roberto unfortunately left GARR so Saverio will give some more details.

3 Deployment as a Service (Juju)
Select app from catalog Deploy on private cloud Scale Deploy on public cloud

4 Helm Package deployment for Kubernetes
Helm chart is a collection of YAML template files Single command deployment > helm install --set replicas=3 app

5 WebHook token authenticator
Kubernetes Authentication via Keystone New GN4-2 contribution Allows OpenStack users to access Kubernetes Innovative solution based on Keystone Application Credentials Code contributed to OpenStack Extension to OpenStack dashboard 1. kubectl config 10. user, group 8. Token 4. Token 7. Token 5. Token 6. Token 9. user, group 3. Application Credential 2. kubectl exec args kubectl credential plugin client-go WebHook token authenticator New OpenStack feature

6 Full Instructions See article on Superuser magazine:
integrating-openstack-and-kubernetes/

7 Getting Credentials from OpenStack Dashboard
The user then goes to the dashboard, signs in, and creates an Application Credential. You can see here the patches we applied on the dashboard: a box with the user namespace, generated from the username, and the button to download the kubeconfig.

8 Let's share solutions. Thank you.

Download ppt "Open Infrastructure: Integrating OpenStack and Kubernetes"

Similar presentations

Introduction to Office 365

Introduction to Office 365
Azure AD & Office 365 1. Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.

Azure AD & Office Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
Introduction to Office 365

Introduction to Office 365
Moodle Integration with Microsoft Seree Chinodom Kittisak Onuean BURAPHA UNIVERSITY Powerful Tool for MoodlePowerful Tool for Moodle.

Moodle Integration with Microsoft Seree Chinodom Kittisak Onuean BURAPHA UNIVERSITY Powerful Tool for MoodlePowerful Tool for Moodle.
Alfresco – An Open Source Content Management System - Bindu Nayar, Bhavana Mohanraj.

Alfresco – An Open Source Content Management System - Bindu Nayar, Bhavana Mohanraj.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.
Microsoft Virtual Academy.

Microsoft Virtual Academy.
123456789101112…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
Installation and Development Tools National Center for Supercomputing Applications University of Illinois at Urbana-Champaign The SEASR project and its.

Installation and Development Tools National Center for Supercomputing Applications University of Illinois at Urbana-Champaign The SEASR project and its.
Office 365 Directory Synchronization Update: Deploying Password Sync.

Office 365 Directory Synchronization Update: Deploying Password Sync.
WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.
Cloud federation Are we there yet? Marek Denis CERN openlab Major Review Geneva, Switzerland › October 15-16 2014.

Cloud federation Are we there yet? Marek Denis CERN openlab Major Review Geneva, Switzerland › October
SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.

SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.
Using Heat to Deploy and Manage Applications in OpenStack Trevor Roberts Jr, VMware, Inc. CNA1763 #CNA1763.

Using Heat to Deploy and Manage Applications in OpenStack Trevor Roberts Jr, VMware, Inc. CNA1763 #CNA1763.
Federating PL-Grid Computational Resources with the Atmosphere Cloud Platform Piotr Nowakowski, Marek Kasztelnik, Tomasz Bartyński, Tomasz Gubała, Daniel.

Federating PL-Grid Computational Resources with the Atmosphere Cloud Platform Piotr Nowakowski, Marek Kasztelnik, Tomasz Bartyński, Tomasz Gubała, Daniel.
EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065 www.eudat.eu B 2 DROP User.

EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No B 2 DROP User.
User and Device Management

User and Device Management
Windows 8 Application Microsoft Word with an app for Office Internal O365 SharePoint Site Windows Azure Web Sites Windows Azure Workflow Service.

Windows 8 Application Microsoft Word with an app for Office Internal O365 SharePoint Site Windows Azure Web Sites Windows Azure Workflow Service.

Similar presentations

Ads by Google