Prepare the VMware deployment user setup and permissions
To deploy Mirantis Container Cloud on the VMware vSphere-based environment, you need to prepare vSphere accounts for Container Cloud. Contact your vSphere administrator to set up the required users and permissions following the steps below:
Log in to the vCenter Server Web Console.
Create the cluster-api user with the following privileges:

Note
Container Cloud uses two separate vSphere accounts for:
  Cluster API related operations, such as creating or deleting VMs, and preparation of the VM template using Packer
  Storage operations, such as dynamic PVC provisioning
You can also create one user that has all the privilege sets mentioned above.
The cluster-api user privileges
Privilege: Permission
Content library: Download files; Read storage; Sync library item
Datastore: Allocate space; Browse datastore; Low-level file operations; Update virtual machine metadata
Distributed switch: Host operation; IPFIX operation; Modify; Network I/O control operation; Policy operation; Port configuration operation; Port setting operation; VSPAN operation
Folder: Create folder; Rename folder
Global: Cancel task
Host local operations: Create virtual machine; Delete virtual machine; Reconfigure virtual machine
Network: Assign network
Resource: Assign virtual machine to resource pool
Scheduled task: Create tasks; Modify task; Remove task; Run task
Sessions: Validate session; View and stop sessions
Storage views: View
Tasks: Create task; Update task

Virtual machine permissions

Privilege: Permission
Change configuration: Acquire disk lease; Add existing disk; Add new disk; Add or remove device; Advanced configuration; Change CPU count; Change Memory; Change Settings; Change Swapfile placement; Change resource; Configure Host USB device; Configure Raw device; Configure managedBy; Display connection settings; Extend virtual disk; Modify device settings; Query Fault Tolerance compatibility; Query unowned files; Reload from path; Remove disk; Rename; Reset guest information; Set annotation; Toggle disk change tracking; Toggle fork parent; Upgrade virtual machine compatibility
Interaction: Configure CD media; Configure floppy media; Console interaction; Device connection; Inject USB HID scan codes; Power off; Power on; Reset; Suspend
Inventory: Create from existing; Create new; Move; Register; Remove; Unregister
Provisioning: Allow disk access; Allow file access; Allow read-only disk access; Allow virtual machine download; Allow virtual machine files upload; Clone template; Clone virtual machine; Create template from virtual machine; Customize guest; Deploy template; Mark as template; Mark as virtual machine; Modify customization specification; Promote disks; Read customization specifications
Snapshot management: Create snapshot; Remove snapshot; Rename snapshot; Revert to snapshot
vSphere replication: Monitor replication

Create the storage user with the following privileges:

Note
For more details about all required privileges for the storage user, see vSphere Cloud Provider documentation.

The storage user privileges
Privilege: Permission
Cloud Native Storage: Searchable
Content library: View configuration settings
Datastore: Allocate space; Browse datastore; Low level file operations; Remove file
Folder: Create folder
Host configuration: Storage partition configuration
Host local operations: Create virtual machine; Delete virtual machine; Reconfigure virtual machine
Host profile: View
Profile-driven storage: Profile-driven storage view
Resource: Assign virtual machine to resource pool
Scheduled task: Create tasks; Modify task; Run task
Sessions: Validate session; View and stop sessions
Storage views: View

Virtual machine permissions

Privilege: Permission
Change configuration: Add existing disk; Add new disk; Add or remove device; Advanced configuration; Change CPU count; Change Memory; Change Settings; Configure managedBy; Extend virtual disk; Remove disk; Rename
Inventory: Create from existing; Create new; Remove

For RHEL deployments, if you do not have a RHEL machine with the virt-who service configured to report the vSphere environment configuration and hypervisor information to Red Hat Customer Portal or Red Hat Satellite server, set up the virt-who service inside the Container Cloud machines for proper RHEL license activation.

Create a virt-who user with at least read-only access to all objects in the vCenter Data Center.

The virt-who service on RHEL machines will be provided with the virt-who user credentials to properly manage RHEL subscriptions.

For details on how to create the virt-who user, refer to the official Red Hat Customer Portal documentation.
Now, proceed to Bootstrap a management cluster.
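
To confirm that the role assigned to the storage user holds exactly the privileges in the storage user tables above, the following added example (not part of the Mirantis documentation) compares an exported privilege list with those tables and reports missing and excess privileges. The privilege IDs are this example's mapping of the UI labels to vSphere API privilege IDs, the one-ID-per-line input format is assumed, and the sample role is constructed.

```python
# Added example: audit an exported vSphere role against the storage user tables.
# ASSUMPTION: the IDs below are this example's mapping of the UI labels in the
# tables to vSphere API privilege IDs; confirm them in your own vCenter.
VM_CONFIG = ("AddExistingDisk", "AddNewDisk", "AddRemoveDevice",
             "AdvancedConfig", "CPUCount", "Memory", "Settings", "ManagedBy",
             "DiskExtend", "RemoveDisk", "Rename")
VM_INVENTORY = ("CreateFromExisting", "Create", "Delete")

REQUIRED_STORAGE = {
    "Cns.Searchable", "ContentLibrary.GetConfiguration",
    "Datastore.AllocateSpace", "Datastore.Browse", "Datastore.FileManagement",
    "Datastore.DeleteFile", "Folder.Create", "Host.Config.Storage",
    "Host.Local.CreateVM", "Host.Local.DeleteVM", "Host.Local.ReconfigVM",
    "Profile.View", "StorageProfile.View", "Resource.AssignVMToPool",
    "ScheduledTask.Create", "ScheduledTask.Edit", "ScheduledTask.Run",
    "Sessions.ValidateSession", "Sessions.TerminateSession",
    "StorageViews.View",
}
REQUIRED_STORAGE |= {"VirtualMachine.Config." + p for p in VM_CONFIG}
REQUIRED_STORAGE |= {"VirtualMachine.Inventory." + p for p in VM_INVENTORY}

# vCenter places these three in every role, so they are not privilege creep.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}

def parse_role(text):
    """Parse a role listing (one privilege ID per line) into a set."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}

def audit(granted, required=REQUIRED_STORAGE):
    """Return (missing, excess) relative to the documented privilege set."""
    missing = sorted(required - granted)
    excess = sorted(granted - required - IMPLICIT)
    return missing, excess

# Constructed sample: a role that has drifted from the documented set.
SAMPLE = "\n".join(sorted(REQUIRED_STORAGE - {"Datastore.DeleteFile"}) + [
    "System.Anonymous", "System.Read", "System.View",
    "VirtualMachine.Interact.ConsoleInteract",  # not in the storage tables
    "VirtualMachine.State.RevertToSnapshot",    # not in the storage tables
])

if __name__ == "__main__":
    missing, excess = audit(parse_role(SAMPLE))
    for priv in missing:
        print("MISSING", priv)  # deployment step that needs it will fail
    for priv in excess:
        print("EXCESS ", priv)  # granted beyond the documented baseline
```

The same check applies to a single combined user by passing the union of both accounts' required sets as `required`.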