英文:
Extending Rancher's Auth-service to use other (OAuth) provider
问题
我们团队目前正在考虑使用Rancher作为Docker容器编排解决方案,其中一件我想要做的事情是尝试在Rancher服务器上使用一个目前不受Rancher支持的提供者(即Fiware Lab,它可以是一个OAuth提供者)来设置访问控制。
Rancher在一个单独的Golang服务中处理身份验证,该服务可以在此存储库中找到。可以通过扩展该服务来允许新的身份验证提供者,如存储库的wiki中所述。然而,我对如何部署我的扩展服务到Rancher服务器感到困惑。是否可以只运行扩展服务,而无需为Rancher服务器构建新的Docker镜像呢?
英文:
Our team is currently looking to use Rancher for a Docker container orchestration solution, and one the things I'm looking to do is try setting up Access Control on the Rancher server using a provider that isn't supported by Rancher at the moment (this being Fiware Lab which can be a OAuth provider).
Rancher handles authentication in a separate Golang service available in this repo. This could be extended to allow for a new provider for authentication as described in the wiki of the repo. What I'm confused about however is how I could then deploy my extended service with Rancher Server. Is it possible to just run the extended service without having to build a new Docker image for Rancher Server altogether?
答案1
得分: 0
这是一个外部服务,主要是为了方便我们开发额外的提供者,并将该代码从Cattle核心中分离出来(迁移工作正在进行中,只有Github已经迁移,Shibboleth作为新的提供者仅添加到了Golang中)。
虽然有可能实现,但目前这不是一个普遍公开的插件点。目前没有任何正式的方法来注册自己的提供者,将其添加到服务器容器中,提供UI进行配置,或在配置完成后登录到它。
英文:
It is an external service mainly to make it easier for us to develop additional providers, and to pull that code out of the Cattle core (the migration of which is on-going, only Github is moved and Shibboleth was added as a new one only into the Golang one).
While it is possible, this is not currently a general public plugin point. There is not any formal way to register your own provider, get that into the server container, provide UI to configure it, or log into it once configured.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论