Mirantis Container Cloud uses the Identity and access management (IAM) service for user and permission management. This section describes how to integrate your OpenStack deployment with Keycloak through OpenID Connect.
To enable integration on the OpenStack side, define the following parameters in your openstackdeployment custom resource:

spec:
  features:
    keystone:
      keycloak:
        enabled: true
        url: <https://my-keycloak-instance>
        # Optionally, SSL certificate validation can be disabled
        oidc:
          OIDCSSLValidateServer: false
          OIDCOAuthSSLValidateServer: false

The configuration above will trigger the creation of the os client in Keycloak. The role management and assignment should be configured separately on a particular deployment.
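
The following check is an added example, not part of the Mirantis documentation or tooling. It audits the keycloak block of an openstackdeployment resource, loaded as a dictionary (for instance from the resource exported as JSON), and reports a non-HTTPS Keycloak URL or disabled server certificate validation. The function names and the sample resource are assumptions made for illustration.

```python
import json

# Spellings that switch a boolean setting off (YAML booleans or Apache-style On/Off).
_OFF = {"false", "off", "no", "0"}

def _is_off(value):
    """Return True when a setting is explicitly turned off."""
    if isinstance(value, bool):
        return not value
    return str(value).strip().lower() in _OFF

def audit_keycloak(cr):
    """Return (path, message) findings for spec.features.keystone.keycloak."""
    node = cr
    for key in ("spec", "features", "keystone", "keycloak"):
        node = (node or {}).get(key) or {}
    if _is_off(node.get("enabled") or False):
        return []  # integration not enabled, nothing to check
    findings = []
    url = str(node.get("url", "")).strip("<> ")
    if not url.lower().startswith("https://"):
        findings.append(("url", "Keycloak endpoint is not an https:// URL"))
    oidc = node.get("oidc") or {}
    # Both keys control whether the Keycloak server certificate is verified.
    for key in ("OIDCSSLValidateServer", "OIDCOAuthSSLValidateServer"):
        if key in oidc and _is_off(oidc[key]):
            findings.append(("oidc." + key, "server certificate validation is disabled"))
    return findings

# Constructed sample resource mirroring the snippet on this page (not a real deployment).
SAMPLE_CR = json.loads("""
{"spec": {"features": {"keystone": {"keycloak": {
  "enabled": true,
  "url": "https://my-keycloak-instance",
  "oidc": {"OIDCSSLValidateServer": false, "OIDCOAuthSSLValidateServer": false}
}}}}}
""")

if __name__ == "__main__":
    for path, message in audit_keycloak(SAMPLE_CR):
        print(f"{path}: {message}")
```

An empty result means the keycloak block is either not enabled or uses an HTTPS URL with certificate validation left on.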