Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Identity and access management

Identity and access management (IAM) provides a central point of users and permissions management of a MOSK cluster resources in a granular and unified manner. Also, IAM provides infrastructure for single sign-on user experience across all MOSK web portals.

IAM for MOSK consists of the following components:

Keycloak

• Provides the OpenID Connect endpoint

• Integrates with an external identity provider (IdP), for example, existing LDAP or Google Open Authorization (OAuth)

• Stores roles mapping for users

IAM Controller

• Provides IAM API with data about MOSK projects

• Handles all role-based access control (RBAC) components in Kubernetes API

IAM API

Provides an abstraction API for creating user scopes and roles

• External identity provider integration
• Authentication and authorization
  • Implementation flow
  • Kubernetes CLI authentication flow

See also

IAM resources