Integration with Identity Access Management (IAM)

Mirantis Container Cloud uses the Identity and access management (IAM) service for user and permission management. This section describes how to integrate your OpenStack deployment with Keycloak through OpenID Connect.

To enable integration on the OpenStack side, define the following parameters in your openstackdeployment custom resource:

spec:
  features:
    keystone:
      keycloak:
        enabled: true
        url: <https://my-keycloak-instance>
        # Optional: TLS certificate validation can be disabled
        oidc:
          OIDCSSLValidateServer: false
          OIDCOAuthSSLValidateServer: false

The configuration above triggers the creation of the os client in Keycloak. Role management and assignment should be configured separately for each deployment.
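
A pre-deployment check for the settings above, as an added example that is not part of the Mirantis documentation: it flags a manifest whose keycloak block turns off TLS certificate validation or points at a non-HTTPS URL. The function names, the minimal YAML reader, and the sample URL are assumptions made for illustration.

```python
import re

TLS_KEYS = ("OIDCSSLValidateServer", "OIDCOAuthSSLValidateServer")  # from the page
BASE = "spec.features.keystone.keycloak"

def flatten(manifest_text):
    """Flatten block-style YAML mappings (no lists or anchors) to {dotted.path: value}."""
    stack, flat = [], {}  # stack: (indent, key) from the root down to the current line
    for raw in manifest_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        m = re.match(r"^(\s*)([^:\s][^:]*):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        stack.append((indent, key))
        if value:
            flat[".".join(k for _, k in stack)] = value.strip("'\"")
    return flat

def audit(manifest_text):
    """Return findings for the keycloak block of an openstackdeployment manifest."""
    cfg = flatten(manifest_text)
    if cfg.get(BASE + ".enabled", "").lower() != "true":
        return []  # integration not enabled, nothing to check
    findings = []
    if not cfg.get(BASE + ".url", "").lower().startswith("https://"):
        findings.append("url is not https")
    for key in TLS_KEYS:
        if cfg.get("%s.oidc.%s" % (BASE, key), "").lower() == "false":
            findings.append(key + " is false: TLS certificate validation is disabled")
    return findings

# Constructed sample: the page's settings with a placeholder Keycloak URL.
WEAK = """\
spec:
  features:
    keystone:
      keycloak:
        enabled: true
        url: https://keycloak.example.test
        oidc:
          OIDCSSLValidateServer: false
          OIDCOAuthSSLValidateServer: false
"""
STRICT = WEAK.split("        oidc:")[0]  # constructed: no oidc overrides
if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

Running `audit` over manifests in CI or before applying them surfaces a test-only override that was left in a production resource.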