Comment 17 for bug 1762754

The root cause of the issue is hostname/DNS resolution fails for auth-URLs & few other service URLS (magnum,heat etc).
Generally while configuring the OpenStack services we use "controller" instead of the IP, like example:

For Keystone:
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

For Magnum:
openstack endpoint create --region RegionOne \
  container-infra public http://controller:9511/v1

So when the k8s master node gets provisioned (as VM) it creates couple of containers, "heat-container-agent" which interns use those able mentioned configs to get the k8s registered & configured with the OpenStack. As the container can't resolve the "controller" DNS entry, so all communications with OpenStack API fails. So there are couple of fixes for this:
1. Configure an internal DNS so resolute the "controller" URLs or
2. Use IP instead of "controller" in those able mentioned configs.

Option 2 is for POC & #1 should be considered for the production or HA OpenStack clusters.