Prepare the OpenStack configuration

1. Log in to the OpenStack Horizon.

2. In the Project section, select API Access.

3. In the right-side drop-down menu Download OpenStack RC File, select OpenStack clouds.yaml File.

4. Save the downloaded clouds.yaml file in the kaas-bootstrap folder created by the get_container_cloud.sh script.

5. In clouds.yaml, add the password field with your OpenStack password under the clouds/openstack/auth section.

   Example:

   clouds:
     openstack:
       auth:
         auth_url: https://auth.openstack.example.com/v3
         username: your_username
         password: your_secret_password
         project_id: your_project_id
         user_domain_name: your_user_domain_name
       region_name: RegionOne
       interface: public
       identity_api_version: 3
   

6. Available since Container Cloud 2.17.0. If you deploy Container Cloud on top of MOSK Victoria with Tungsten Fabric and use the default security group for newly created load balancers, add the following rules for Kubernetes API server endpoint, Container Cloud application endpoint, and for MKE web UI and API using the OpenStack CLI:

   • direction='ingress'

   • ethertype='IPv4'

   • protocol='tcp'

   • remote_ip_prefix='0.0.0.0/0'

   • port_range_max and port_range_min:

     • '443' for Kubernetes API and Container Cloud application endpoints

     • '6443' for MKE web UI and API

7. Verify access to the target cloud endpoint from Docker. For example:

   docker run --rm alpine sh -c "apk add --no-cache curl; \
   curl https://auth.openstack.example.com/v3"
   

   The system output must contain no error records.