Create initial users after a management cluster bootstrap

Caution

This feature is available starting from the Container Cloud release 2.10.0.

Once you bootstrap your management or regional cluster, create Keycloak users for access to the Container Cloud web UI. Use the created credentials to log in to the Container Cloud web UI. Mirantis recommends creating at least two users, reader and writer, that are required for a typical Container Cloud deployment.

To create the user for access to the Container Cloud web UI, use the following command:

kaas bootstrap user add --username <userName> --roles <roleName>
--kubeconfig <pathToMgmtKubeconfig>

Note

You will be asked for the user password interactively.

Set the following command flags as required:

Flag

Description

--username

Required. Name of the user to create.

--roles

Required. Role to assign to the user:

  • writer - read and write access

  • reader - view access

  • operator - required for bare metal deployments only to create and manage the BaremetalHost objects

--kubeconfig

Required. Path to the management cluster kubeconfig generated during the management cluster bootstrap.

--namespace

Optional. Name of the Container Cloud project where the user will be created. If not set, a global user will be created for all Container Cloud projects with the corresponding role access to view or manage all Container Cloud public objects.

--password-stdin

Optional. Flag to provide the user password from a file or stdin:

echo '$PASSWORD' | kaas bootstrap user add --username <userName> --roles <roleName> --kubeconfig <pathToMgmtKubeconfig> --password-stdin

To delete the user, run the following command:

kaas bootstrap user delete --username <userName> --kubeconfig <pathToMgmtKubeconfig>