OpenStackCredential

This section describes the OpenStackCredential custom resource (CR) used in Mirantis Container Cloud API. It contains all required details to connect to a provider back end.

For demonstration purposes, the Container Cloud OpenStackCredential custom resource (CR) can be split into the following sections:

metadata

The Container Cloud OpenStackCredential custom resource (CR) contains the following fields:

  • apiVersion

    kaas.mirantis.com/v1alpha1

  • kind

    Object type that is OpenStackCredential

The metadata object field of the OpenStackCredential resource contains the following fields:

  • name

    Name of the OpenStackCredential object

  • namespace

    Namespace in which the OpenStackCredential object has been created

  • labels
    • kaas.mirantis.com/regional-credential

      If true, indicates that OpenStackCredential is in use by the management or regional cluster objects

    • kaas.mirantis.com/region

      Region name

Configuration example:

apiVersion: kaas.mirantis.com/v1alpha1
kind: OpenStackCredential
metadata:
  name: demo
  namespace: test
  labels:
    kaas.mirantis.com/region: region-one
    kaas.mirantis.com/regional-credential: "true"

OpenStackCredential configuration

The spec object field of the OpenStackCredential resource contains a cloud configuration to use for OpenStack authentication. It contains the following fields:

  • auth
    • authURL

      Identity endpoint URL.

    • password
      • value

        Value of the password. This field is available only when the user creates or changes password. Once the controller detects this field, it updates the password in the secret and removes the value field from the OpenStackCredential object.

      • secret

        Reference to the Secret object that contains the password:

        • key

          Secret key name

        • name

          Secret name

    • projectID

      Unique ID of a project.

    • userDomainName

      Name of a domain where the user resides.

    • userName

      User name

  • regionName

    Name of an OpenStack region.

  • CACert

    Base64 encoded CA certificate bundle for verification of SSL API requests.

Configuration example:

...
spec:
  auth:
    authURL: https://container-cloud.ssl.example.com:5000/v3
    password:
      secret:
        key: value
        name: cloud-config
    projectDomainName: k8s-team
    projectID: d67a2680ded144af8bcc91314e560616
    projectName: k8s-team
    userDomainName: default
    userName: k8s-team
  regionName: RegionOne