This section describes the OpenStackCredential custom resource (CR) used in Mirantis Container Cloud API. It contains all required details to connect to a provider back end.

For demonstration purposes, the Container Cloud OpenStackCredential custom resource (CR) can be split into the following sections:


The Container Cloud OpenStackCredential custom resource (CR) contains the following fields:

  • apiVersion

  • kind

    Object type that is OpenStackCredential

The metadata object field of the OpenStackCredential resource contains the following fields:

  • name

    Name of the OpenStackCredential object

  • namespace

    Namespace in which the OpenStackCredential object has been created

  • labels


      Provider type that matches the provider type in the Cluster object and must be openstack


      If true, indicates that OpenStackCredential is in use by the management or regional cluster objects


      Region name


    Labels and annotations that are not documented in this API Reference are generated automatically by Container Cloud. Do not modify them using the Container Cloud API.

Configuration example:

kind: OpenStackCredential
  name: demo
  namespace: test
  labels: region-one "true"

OpenStackCredential configuration

The spec object field of the OpenStackCredential resource contains a cloud configuration to use for OpenStack authentication. It contains the following fields:

  • auth
    • authURL

      Identity endpoint URL.

    • password
      • value

        Value of the password. This field is available only when the user creates or changes password. Once the controller detects this field, it updates the password in the secret and removes the value field from the OpenStackCredential object.

      • secret

        Reference to the Secret object that contains the password:

        • key

          Secret key name

        • name

          Secret name

    • projectID

      Unique ID of a project.

    • userDomainName

      Name of a domain where the user resides.

    • userName

      User name

  • regionName

    Name of an OpenStack region.

  • CACert

    Base64 encoded CA certificate bundle for verification of SSL API requests.

Configuration example:

        key: value
        name: cloud-config
    projectDomainName: k8s-team
    projectID: d67a2680ded144af8bcc91314e560616
    projectName: k8s-team
    userDomainName: default
    userName: k8s-team
  regionName: RegionOne