After you complete the prerequisite steps described in Prerequisites,
proceed with bootstrapping your AWS-based Mirantis Container Cloud
management cluster.
To bootstrap an AWS-based management cluster:
Log in to the bootstrap node running Ubuntu 20.04 that is configured
as described in Prerequisites.
Prepare the bootstrap script:
Download and run the Container Cloud bootstrap script:
Log in to your account and download the mirantis.lic license file.
Save the license file as mirantis.lic under the kaas-bootstrap
directory on the bootstrap node.
Verify that mirantis.lic contains the exact Container Cloud license
previously downloaded from www.mirantis.com
by decoding the license JWT token, for example, using jwt.io.
Example of valid decoded Container Cloud license data with the mandatory
license field:
The MKE license does not apply to mirantis.lic. For
details about the MKE license, see MKE documentation.
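An added example, not part of the Mirantis documentation: a local Python alternative to the jwt.io decode described above, which checks mirantis.lic for the mandatory license field. The exp check relies on the standard JWT expiry claim and applies only if the license carries one; the function names and the sample token are constructed for illustration, and the signature is not verified.

```python
import base64
import json
import sys
import time

def _b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_license(token):
    """Decode header and claims of a compact JWT. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated JWT segments, got %d" % len(parts))
    try:
        header, claims = (json.loads(_b64url_decode(p)) for p in parts[:2])
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("segment is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return header, claims

def check_license(token, now=None):
    """Return a list of problems; an empty list means the checks passed."""
    _, claims = decode_license(token)
    problems = []
    if not claims.get("license"):
        problems.append("mandatory 'license' field is missing or empty")
    exp = claims.get("exp")  # standard JWT expiry claim, checked only if present
    if isinstance(exp, (int, float)) and exp <= (time.time() if now is None else now):
        problems.append("token expired (exp=%s)" % exp)
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token for demonstration only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the license file, e.g. kaas-bootstrap/mirantis.lic
        with open(sys.argv[1]) as f:
            token = f.read()
    else:  # constructed sample, not a real license
        token = make_sample_token({"license": "constructed-value", "exp": 4102444800})
    issues = check_license(token)
    print("OK" if not issues else "\n".join(issues))
    sys.exit(1 if issues else 0)
```

Run it on the bootstrap node with the path to mirantis.lic as the only argument; a non-zero exit status means a check failed.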
Prepare the AWS deployment templates:
Verify access to the target cloud endpoint from Docker. For example:
docker run --rm alpine sh -c "apk add --no-cache curl; \
curl https://ec2.amazonaws.com"
The system output must contain no error records.
In case of issues, follow the steps provided in Troubleshooting.
Change the directory to the kaas-bootstrap folder.
In templates/aws/machines.yaml.template,
modify the spec:providerSpec:value section
by substituting the ami:id parameter with the corresponding value
for Ubuntu 20.04 from the required AWS region. For example:
To prevent data failure and cluster disaster, do not stop the AWS
instances dedicated to the Container Cloud clusters.
Optional. In templates/aws/cluster.yaml.template,
modify the values of the spec:providerSpec:value:bastion:amiId and
spec:providerSpec:value:bastion:instanceType sections
by setting the necessary Ubuntu AMI ID and instance type in the required
AWS region respectively. For example:
Optional. In templates/aws/cluster.yaml.template, modify the default
configuration of the AWS instance types and AMI IDs for further creation
of managed clusters:
providerSpec:
  value:
    ...
    kaas:
      ...
      regional:
      - provider: aws
        helmReleases:
        - name: aws-credentials-controller
          values:
            config:
              allowedInstanceTypes:
                minVCPUs: 8
                # in MiB
                minMemory: 16384
                # in GB
                minStorage: 120
                supportedArchitectures:
                - "x86_64"
                filters:
                - name: instance-storage-info.disk.type
                  values:
                  - "ssd"
              allowedAMIs:
              -
                - name: name
                  values:
                  - "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20210325"
                - name: owner-id
                  values:
                  - "099720109477"
Optional if servers from the Ubuntu NTP pool (*.ubuntu.pool.ntp.org)
are accessible from the node where the management cluster is being
provisioned. Otherwise, this step is mandatory.
Configure the regional NTP server parameters to be applied to all machines
of regional and managed clusters in the specified region.
In templates/aws/cluster.yaml.template, add the ntp:servers section
with the list of required server names:
Generate the AWS Access Key ID with Secret Access Key for the user with
the IAMFullAccess permissions and select the AWS default region name.
For details, see AWS General Reference: Programmatic access.
Export the following parameters by adding the corresponding values
for the AWS IAMFullAccess user credentials created in the previous step:
Configure the bootstrapper.cluster-api-provider-aws.kaas.mirantis.com
user created in the previous steps:
Using your AWS Management Console, generate the AWS Access Key ID with
Secret Access Key for
bootstrapper.cluster-api-provider-aws.kaas.mirantis.com
and select the AWS default region name.
Note
Other authorization methods, such as usage of
AWS_SESSION_TOKEN, are not supported.
Export the AWS bootstrapper.cluster-api-provider-aws.kaas.mirantis.com
user credentials that were created in the previous step:
If you require all Internet access to go through a proxy server,
in bootstrap.env, add the following environment variables
to bootstrap the management and regional cluster using a proxy:
Optional. Technology Preview. As of Container Cloud 2.18.0, enable Kubernetes
network encryption by adding the following field to the Cluster object
spec:
The Keycloak URL that the system outputs when the bootstrap completes.
The admin password for Keycloak is located in
kaas-bootstrap/passwords.yml along with other IAM passwords.
Note
The Container Cloud web UI and StackLight endpoints are available
through Transport Layer Security (TLS) and communicate with Keycloak
to authenticate users. Keycloak is exposed using HTTPS and
self-signed TLS certificates that are not trusted by web browsers.
Now, you can proceed with operating your management cluster using
the Container Cloud web UI and deploying managed clusters as described in
Create and operate an AWS-based managed cluster.