Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!
Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.
Configure Google OAuth IdP for IAM¶
Caution
The instruction below applies to the DNS-based management clusters. If you bootstrap a non-DNS-based management cluster, configure Google OAuth IdP for Keycloak after bootstrap using the official Keycloak documentation.
If you integrate Google OAuth external identity provider for IAM to
Mirantis OpenStack for Kubernetes, create the authorization credentials for IAM in your
Google OAuth account and configure cluster.yaml.template during the
bootstrap of the management cluster.
To configure Google OAuth IdP for IAM:
Create Google OAuth credentials for IAM:
Log in to your https://console.developers.google.com.
Navigate to Credentials.
In the APIs Credentials menu, select OAuth client ID.
In the window that opens:
In the Application type menu, select Web application.
In the Authorized redirect URIs field, type in
<keycloak-url>/auth/realms/iam/broker/google/endpoint, where<keycloak-url>is the corresponding DNS address.Press Enter to add the URI.
Click Create.
A page with your client ID and client secret opens. Save these credentials for further usage.
Log in to the bootstrap node.
Open
templates/bm/cluster.yaml.template.In the
keycloak:externalIdP:section, add the following snippet with your credentials created in previous steps:keycloak: externalIdP: google: enabled: true config: clientId: <Google_OAuth_client_ID> clientSecret: <Google_OAuth_client_secret>
Now, return to the bootstrap instruction for your management cluster.