Project

General

Profile

Cluster registry » History » Version 2

Ward Vandewege, 03/07/2018 10:27 PM

1 1 Ward Vandewege
h1. Cluster registry
2
3
h2. Problem description
4
5 2 Ward Vandewege
As part of the [[Federated identity]] feature, a configuration option was added to the Arvados API server to indicate which remote API servers are trusted to authenticate user IDs ('remote_hosts'). 
6 1 Ward Vandewege
7
This allows for basic federated identity between a group of Arvados clusters. Each time the membership of the API server group changes (an API server is added or removed), every API server in the group needs to have its configuration updated. This is not ideal.
8
9
h2. Simplifying assumptions
10
11
An Arvados API server can only be part of one federated identity group (aka 'federation').
12
13
h2. Proposed solution
14
15
A cluster registry service, which is managed centrally by the federation admin. All API servers in the federation sync the federation membership list from the registry service automatically.