Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Generate a kubeconfig for a MOSK cluster using API

This section describes how to generate a MOSK cluster kubeconfig using the MOSK management API. You can also download a MOSK cluster kubeconfig using the Download Kubeconfig option in the MOSK management console. For details, see Connect to a MOSK cluster.

To generate a MOSK cluster kubeconfig using API:

  1. Obtain the following details:

    • Your <username> with the corresponding password that were created after the management cluster bootstrap as described in Create initial users after a management cluster bootstrap.

    • The kubeconfig of your <username> that you can download through the MOSK management console using Download Kubeconfig located under your <username> on the top-left of the page.

  2. Obtain the <cluster> object of the <cluster_name> MOSK cluster:

    kubectl get cluster <cluster_name> -n <project_name> -o yaml

  3. Obtain the access token from Keycloak for the <username> user:

    curl -d 'client_id=<cluster.status.providerStatus.oidc.clientId>' --data-urlencode 'username=<username>' --data-urlencode 'password=<password>' -d 'grant_type=password' -d 'response_type=id_token' -d 'scope=openid' <cluster.status.providerStatus.oidc.issuerURL>/protocol/openid-connect/token

  4. Generate the MOSK cluster kubeconfig using the data from <cluster.status> and <token> obtained in the previous steps. Use the following template as an example:

    apiVersion: v1
clusters:
  - name: <cluster_name>
    cluster:
      certificate-authority-data: <cluster.status.providerStatus.apiServerCertificate>
      server: https://<cluster.status.providerStatus.loadBalancerHost>:443
contexts:
  - context:
      cluster: <cluster_name>
      user: <username>
    name: <username>@<cluster_name>
current-context: <username>@<cluster_name>
kind: Config
preferences: {}
users:
  - name: <username>
    user:
      auth-provider:
        config:
          client-id: <cluster.status.providerStatus.oidc.clientId>
          idp-certificate-authority-data: <cluster.status.providerStatus.oidc.certificate>
          idp-issuer-url: <cluster.status.providerStatus.oidc.issuerUrl>
          refresh-token: <token.refresh_token>
          id-token: <token.id_token>
        name: oidc