Bootstrap a management cluster
After you complete the prerequisite steps described in Prerequisites, proceed with bootstrapping your Mirantis Container Cloud management cluster based on the Equinix Metal provider.
To bootstrap an Equinix Metal based management cluster:
Log in to the bootstrap node running Ubuntu 18.04 that is configured as described in Prerequisites.
Prepare the bootstrap script:
Download and run the Container Cloud bootstrap script:
wget https://binary.mirantis.com/releases/get_container_cloud.sh
chmod 0755 get_container_cloud.sh
./get_container_cloud.sh
Change the directory to the kaas-bootstrap folder created by the script.
Obtain your license file that will be required during the bootstrap:
Create a user account at www.mirantis.com.
Log in to your account and download the
Save the license file as
kaas-bootstrap directory on the bootstrap node.
Prepare the Equinix Metal configuration:
Log in to the Equinix Metal console.
Select the project that you want to use for the Container Cloud deployment.
In Project Settings > General, capture your Project ID.
In Profile Settings > Personal API Keys, capture the existing user-level API Key or create a new one:
In Profile Settings > Personal API Keys, click Add New Key.
Fill in the Description and select the Read/Write permissions.
Click Add Key.
Change the directory to
spec:apiToken:value using the values obtained in the previous steps. For example:
spec:
  projectID: g98sd6f8-dc7s-8273-v8s7-d9v7395nd91
  apiToken:
    value: Bi3m9c7qjYBD3UgsnSCSsqs2bYkbK
In templates/equinix/cluster.yaml.template, modify the default configuration of the Equinix Metal facility depending on the previously prepared capacity settings:
providerSpec:
  value:
    ...
    facility: am6
Also, modify other parameters as required.
In templates/equinix/machines.yaml.template, modify the default configuration of the Equinix Metal machine type. The minimal required type is
providerSpec:
  value:
    ...
    machineType: c3.small.x86
Also, modify other parameters as required.
Optional. Configure the regional NTP server parameters to be applied to all machines of regional and managed clusters in the specified region.
In templates/equinix/cluster.yaml.template, add the ntp:servers section with the list of required server names:
spec:
  ...
  providerSpec:
    value:
      kaas:
        ...
        regional:
        - helmReleases:
          - name: equinix-provider
            values:
              config:
                lcm:
                  ...
                  ntp:
                    servers:
                    - 0.pool.ntp.org
                    ...
          provider: equinixmetal
          ...
Export the following parameter:
If you require all Internet access to go through a proxy server, in bootstrap.env, add the following environment variables to bootstrap the management and regional cluster using proxy:
export HTTP_PROXY=http://proxy.example.com:3128
export HTTPS_PROXY=http://user:email@example.com:3128
export NO_PROXY=172.18.10.0,registry.internal.lan
The following variable formats are accepted:
http://proxy.example.com:port - for anonymous access
http://user:firstname.lastname@example.org:port - for restricted access
Comma-separated list of IP addresses or domain names
For the list of Mirantis resources and IP addresses to be accessible from the Container Cloud clusters, see Requirements for an Equinix Metal based cluster.
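A pre-flight check of these variables against the accepted formats, which also flags a proxy URL that carries credentials so that access to bootstrap.env can be restricted. This is an added example, not part of the Container Cloud tooling; the function names are hypothetical and the user:password@ shape of the restricted-access form is an assumption.

```shell
# Added example: validate the proxy variables from bootstrap.env before bootstrap.
# Only the formats listed above pass; user:password@ is an assumed shape.

# Succeeds if $1 is http://host:port or http://user:password@host:port.
valid_proxy_url() {
    printf '%s\n' "$1" | grep -Eq \
        '^http://([^:@/[:space:]]+:[^@/[:space:]]+@)?[A-Za-z0-9.-]+:[0-9]{1,5}$'
}

# Succeeds if the proxy URL embeds credentials (the file then holds a secret).
proxy_has_credentials() {
    case "$1" in
        http://*:*@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if $1 is a comma-separated list of IP addresses or domain names
# with no empty entries, spaces, schemes or ports.
valid_no_proxy() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9.-]+(,[A-Za-z0-9.-]+)*$'
}

# Check the three variables; print one line per finding. The body is a
# subshell, so "exit" only sets the function's status (the error count).
check_proxy_env() (
    errors=0
    for name in HTTP_PROXY HTTPS_PROXY; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then continue; fi
        if ! valid_proxy_url "$value"; then
            echo "$name: not in http://[user:password@]host:port form"
            errors=$((errors + 1))
        elif proxy_has_credentials "$value"; then
            echo "$name: embeds credentials, restrict access to bootstrap.env"
        fi
    done
    if [ -n "${NO_PROXY:-}" ] && ! valid_no_proxy "$NO_PROXY"; then
        echo "NO_PROXY: expected comma-separated IP addresses or domain names"
        errors=$((errors + 1))
    fi
    exit "$errors"
)

# Constructed sample values with the same shapes as the example above.
HTTP_PROXY='http://proxy.example.com:3128'
HTTPS_PROXY='http://user:secret@proxy.example.com:3128'
NO_PROXY='172.18.10.0,registry.internal.lan'
check_proxy_env && echo "proxy settings match the accepted formats"
```

To check a real file, source bootstrap.env in the same shell and call check_proxy_env in place of the constructed values.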
Optional. Configure external identity provider for IAM.
Optional. If you are going to use your own TLS certificates for Keycloak, set
Re-verify that the selected Equinix Metal facility for the management cluster bootstrap is still available and has enough capacity:
packet-cli capacity check --facility $EQUINIX_FACILITY --plan $EQUINIX_MACHINE_TYPE --quantity $MACHINES_AMOUNT
In the system response, if the value in the
AVAILABILITY section has changed from
false, find an available facility and update the previously configured
For details about the verification procedure, see Verify the capacity of the Equinix Metal facility.
Run the bootstrap script:
In case of deployment issues, refer to Troubleshooting. If the script fails for an unknown reason:
Run the cleanup script:
Rerun the bootstrap script.
If the bootstrap fails on the Connecting to bootstrap cluster step with the unable to initialize Tiller in bootstrap cluster: failed to establish connection with tiller error, refer to the known issue 16873 to identify the possible root cause and apply the workaround, if applicable.
When the bootstrap is complete, collect and save the following management cluster details in a secure location:
kubeconfig file located in the same directory as the bootstrap script. This file contains the admin credentials for the management cluster.
ssh_key for access to the management cluster nodes that is located in the same directory as the bootstrap script.
If the initial version of your Container Cloud management cluster was earlier than 2.6.0,
openstack_tmp and is located at
The URL for the Container Cloud web UI. Before the first login, create users with required permissions as described in Create initial users after a management cluster bootstrap.
The StackLight endpoints. For details, see Access StackLight web UIs.
The Keycloak URL that the system outputs when the bootstrap completes. The admin password for Keycloak is located in kaas-bootstrap/passwords.yml along with other IAM passwords.
The Container Cloud web UI communicates with Keycloak to authenticate users. Keycloak is exposed using HTTPS and self-signed TLS certificates that are not trusted by web browsers.
To use your own TLS certificates for Keycloak, refer to Configure TLS certificates for management cluster applications.
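Before copying the credential files listed above to secure storage, it is worth confirming that none of them is readable by other accounts on the bootstrap node. The following is an added example, not part of the Container Cloud tooling; the function names, the directory argument and the choice of mode 0600 are assumptions.

```shell
# Added example: audit and tighten permissions on the credential files that
# the bootstrap leaves in the kaas-bootstrap directory (names from the list above).
SECRET_FILES="kubeconfig ssh_key passwords.yml"

# Print each listed file in directory $1 that grants any group or other
# access; the exit status is the number of such files. Missing files are
# skipped. The body is a subshell, so "exit" only sets the function's status.
audit_bootstrap_secrets() (
    exposed=0
    for name in $SECRET_FILES; do
        path="$1/$name"
        if [ ! -f "$path" ]; then continue; fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$path" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "$path: group/other access ($bits)"
            exposed=$((exposed + 1))
        fi
    done
    exit "$exposed"
)

# Restrict every listed file that exists in directory $1 to mode 0600.
lock_bootstrap_secrets() {
    for name in $SECRET_FILES; do
        if [ -f "$1/$name" ]; then chmod 600 "$1/$name"; fi
    done
}

# Demonstration on a constructed directory with placeholder file contents.
demo_dir=$(mktemp -d)
for name in $SECRET_FILES; do echo placeholder > "$demo_dir/$name"; done
chmod 644 "$demo_dir/kubeconfig" "$demo_dir/passwords.yml"
chmod 600 "$demo_dir/ssh_key"
audit_bootstrap_secrets "$demo_dir" || echo "tightening permissions"
lock_bootstrap_secrets "$demo_dir"
audit_bootstrap_secrets "$demo_dir" && echo "credential files are owner-only"
rm -rf "$demo_dir"
```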
When the bootstrap is complete, the bootstrap cluster resources are freed up.
Optional. Deploy an additional regional cluster of a different provider type or configuration as described in Deploy an additional regional cluster (optional).
Now, you can proceed with operating your management cluster using the Container Cloud web UI and deploying managed clusters as described in Create and operate an Equinix Metal based managed cluster.