Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set will cover all product layers, including MOSK management (formerly MCC). This means everything you need will be in one place. The separate MCC documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Generate a kubeconfig for a MOSK cluster using API

This section describes how to generate a MOSK cluster kubeconfig using the Container Cloud API. You can also download a MOSK cluster kubeconfig using the Download Kubeconfig option in the Container Cloud web UI. For details, see Connect to a MOSK cluster.

To generate a MOSK cluster kubeconfig using API:

  1. Obtain the following details:

    • Your <username> with the corresponding password that were created after the management cluster bootstrap as described in Create initial users after a management cluster bootstrap.

    • The kubeconfig of your <username> that you can download through the Container Cloud web UI using Download Kubeconfig located under your <username> on the top-left of the page.

  2. Obtain the <cluster> object of the <cluster_name> MOSK cluster:

    kubectl get cluster <cluster_name> -n <project_name> -o yaml
    
  3. Obtain the access token from Keycloak for the <username> user:

    curl -d 'client_id=<cluster.status.providerStatus.oidc.clientId>' --data-urlencode 'username=<username>' --data-urlencode 'password=<password>' -d 'grant_type=password' -d 'response_type=id_token' -d 'scope=openid' <cluster.status.providerStatus.oidc.issuerURL>/protocol/openid-connect/token
    
  4. Generate the MOSK cluster kubeconfig using the data from <cluster.status> and <token> obtained in the previous steps. Use the following template as an example:

    apiVersion: v1
    clusters:
      - name: <cluster_name>
        cluster:
          certificate-authority-data: <cluster.status.providerStatus.apiServerCertificate>
          server: https://<cluster.status.providerStatus.loadBalancerHost>:443
    contexts:
      - context:
          cluster: <cluster_name>
          user: <username>
        name: <username>@<cluster_name>
    current-context: <username>@<cluster_name>
    kind: Config
    preferences: {}
    users:
      - name: <username>
        user:
          auth-provider:
            config:
              client-id: <cluster.status.providerStatus.oidc.clientId>
              idp-certificate-authority-data: <cluster.status.providerStatus.oidc.certificate>
              idp-issuer-url: <cluster.status.providerStatus.oidc.issuerUrl>
              refresh-token: <token.refresh_token>
              id-token: <token.id_token>
            name: oidc