Comment 7 for bug 1585562

cinder-create-types specifies public keystone endpoint for cinder client (and uses is HTTPS scheme in case of enabled TLS)
https://github.com/openstack/fuel-library/blob/8.0/deployment/puppet/osnailyfacter/modular/openstack-cinder/create_cinder_types.pp#L44

Cinder client also by default uses public endpoint for cinder API (and it is also HTTPS in case of enabled TLS).

Workaround might be specify internal endpoint for cinder client
https://review.openstack.org/#/c/321101/

and use internal keystone endpoint for authentication.

What is reason of using public endpoints? We have isolated management network and endpoint for all services in it.