Create initial users after a management cluster bootstrap


This feature is available starting from the Container Cloud release 2.10.0.

Once you bootstrap your management or regional cluster, create Keycloak users for access to the Container Cloud web UI. Use the created credentials to log in to the Container Cloud web UI. Mirantis recommends creating at least two users, reader and writer, that are required for a typical Container Cloud deployment.

To create the user for access to the Container Cloud web UI, use the following command:

kaas bootstrap user add --username <userName> --roles <roleName>
--kubeconfig <pathToMgmtKubeconfig>


You will be asked for the user password interactively.

Set the following command flags as required:




Required. Name of the user to create.


Required. Role to assign to the user:

  • writer - read and write access

  • reader - view access

  • operator - required for bare metal deployments only to create and manage the BaremetalHost objects


Required. Path to the management cluster kubeconfig generated during the management cluster bootstrap.


Optional. Name of the Container Cloud project where the user will be created. If not set, a global user will be created for all Container Cloud projects with the corresponding role access to view or manage all Container Cloud public objects.


Optional. Flag to provide the user password from a file or stdin:

echo '$PASSWORD' | kaas bootstrap user add --username <userName> --roles <roleName> --kubeconfig <pathToMgmtKubeconfig> --password-stdin

To delete the user, run the following command:

kaas bootstrap user delete --username <userName> --kubeconfig <pathToMgmtKubeconfig>