Create initial users after a management cluster bootstrap

Once you bootstrap your management or regional cluster, create Keycloak users for access to the Container Cloud web UI. Use the created credentials to log in to the Container Cloud web UI. Mirantis recommends creating at least two users, user and operator, that are required for a typical Container Cloud deployment.

To create the user for access to the Container Cloud web UI, use the following command:

./container-cloud bootstrap user add --username <userName> --roles <roleName> \
--kubeconfig <pathToMgmtKubeconfig>

Note

You will be asked for the user password interactively.

Set the following command flags as required:

Flag

Description

--username

Required. Name of the user to create.

--roles

Required. Comma-separated roles to assign to the user.

  • If you run the command without the --namespace flag, you can assign the following roles:

    • global-admin - read and write access for global role bindings

    • writer - read and write access

    • reader - view access

    • operator - required for bare metal deployments only to create and manage the BaremetalHost objects

  • If you run the command for a specific project using the --namespace flag, you can assign the following roles:

    • operator or writer - read and write access

    • user or reader - view access

    • member - read and write access (excluding IAM objects)

    • bm-pool-operator - required for bare metal deployments only to create and manage the BaremetalHost objects

--kubeconfig

Required. Path to the management cluster kubeconfig generated during the management cluster bootstrap.

--namespace

Optional. Name of the Container Cloud project where the user will be created. If not set, a global user will be created for all Container Cloud projects with the corresponding role access to view or manage all Container Cloud public objects.

--password-stdin

Optional. Flag to provide the user password from a file or stdin:

# PASSWORD is a shell variable holding the password; double quotes let the shell expand it.
echo "$PASSWORD" | ./container-cloud bootstrap user add \
--username <userName> \
--roles <roleName> \
--kubeconfig <pathToMgmtKubeconfig> \
--password-stdin
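
The following wrapper is an added example, not part of the Mirantis documentation or tooling: it checks the requested roles against the lists above for the chosen scope and passes the password from a private file through --password-stdin, so it never appears on the command line. The function names and the CC_BIN and MGMT_KUBECONFIG variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Mirantis code. Flags and role names are the ones listed
# on this page; function names, CC_BIN and MGMT_KUBECONFIG are assumptions.
CC_BIN=${CC_BIN:-./container-cloud}
GLOBAL_ROLES="global-admin writer reader operator"
PROJECT_ROLES="operator writer user reader member bm-pool-operator"

# roles_allowed <comma-separated-roles> [namespace]
# Succeeds only if every role is valid for the scope (global when no namespace).
# Runs in a subshell so the IFS and globbing changes do not leak to the caller.
roles_allowed() (
    if [ -n "${2:-}" ]; then allowed=$PROJECT_ROLES; else allowed=$GLOBAL_ROLES; fi
    case $1 in ''|,*|*,|*,,*) exit 1 ;; esac        # empty list or empty entry
    IFS=,; set -f
    for role in $1; do
        case $role in *[!a-z-]*) exit 1 ;; esac     # spaces or other stray characters
        case " $allowed " in *" $role "*) ;; *) exit 1 ;; esac
    done
    exit 0
)

# password_file_private <file>
# Succeeds only for a non-empty file with no group/other permission bits.
password_file_private() {
    [ -s "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# add_user <username> <roles> <password-file> [namespace]
# The password reaches the CLI on stdin only.
add_user() {
    [ -n "${MGMT_KUBECONFIG:-}" ] || { echo "MGMT_KUBECONFIG is not set" >&2; return 1; }
    roles_allowed "$2" "${4:-}" || { echo "role not valid for this scope: $2" >&2; return 1; }
    password_file_private "$3" || { echo "password file must be non-empty and mode 600 or stricter" >&2; return 1; }
    "$CC_BIN" bootstrap user add --username "$1" --roles "$2" \
        --kubeconfig "$MGMT_KUBECONFIG" \
        ${4:+--namespace} ${4:+"$4"} --password-stdin < "$3"
}
```
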

To delete the user, run the following command:

./container-cloud bootstrap user delete --username <userName> --kubeconfig <pathToMgmtKubeconfig>