Prepare the VMware deployment user setup and permissions

To deploy Mirantis Container Cloud on the VMware vSphere-based environment, you need to prepare vSphere accounts for Container Cloud. Contact your vSphere administrator to set up the required users and permissions following the steps below:

  1. Log in to the vCenter Server Web Console.

  2. Create the cluster-api user with the following privileges:

    Note

    Container Cloud uses two separate vSphere accounts for:

    • Cluster API related operations, such as create or delete VMs, and for preparation of the VM template using Packer

    • Storage operations, such as dynamic PVC provisioning

    You can also create one user that has all privileges sets mentioned above.

    The cluster-api user privileges

    Privilege

    Permission

    Content library

    • Download files

    • Read storage

    • Sync library item

    Datastore

    • Allocate space

    • Browse datastore

    • Low-level file operations

    • Update virtual machine metadata

    Distributed switch

    • Host operation

    • IPFIX operation

    • Modify

    • Network I/O control operation

    • Policy operation

    • Port configuration operation

    • Port setting operation

    • VSPAN operation

    Folder

    • Create folder

    • Rename folder

    Global

    Cancel task

    Host local operations

    • Create virtual machine

    • Delete virtual machine

    • Reconfigure virtual machine

    Network

    Assign network

    Resource

    Assign virtual machine to resource pool

    Scheduled task

    • Create tasks

    • Modify task

    • Remove task

    • Run task

    Sessions

    • Validate session

    • View and stop sessions

    Storage views

    View

    Tasks

    • Create task

    • Update task
    Virtual machine permissions

    Privilege

    Permission

    Change configuration

    • Acquire disk lease

    • Add existing disk

    • Add new disk

    • Add or remove device

    • Advanced configuration

    • Change CPU count

    • Change Memory

    • Change Settings

    • Change Swapfile placement

    • Change resource

    • Configure Host USB device

    • Configure Raw device

    • Configure managedBy

    • Display connection settings

    • Extend virtual disk

    • Modify device settings

    • Query Fault Tolerance compatibility

    • Query unowned files

    • Reload from path

    • Remove disk

    • Rename

    • Reset guest information

    • Set annotation

    • Toggle disk change tracking

    • Toggle fork parent

    • Upgrade virtual machine compatibility

    Interaction

    • Configure CD media

    • Configure floppy media

    • Console interaction

    • Device connection

    • Inject USB HID scan codes

    • Power off

    • Power on

    • Reset

    • Suspend

    Inventory

    • Create from existing

    • Create new

    • Move

    • Register

    • Remove

    • Unregister

    Provisioning

    • Allow disk access

    • Allow file access

    • Allow read-only disk access

    • Allow virtual machine download

    • Allow virtual machine files upload

    • Clone template

    • Clone virtual machine

    • Create template from virtual machine

    • Customize guest

    • Deploy template

    • Mark as template

    • Mark as virtual machine

    • Modify customization specification

    • Promote disks

    • Read customization specifications

    Snapshot management

    • Create snapshot

    • Remove snapshot

    • Rename snapshot

    • Revert to snapshot

    vSphere replication

    Monitor replication

  3. Create the storage user with the following privileges:

    Note

    For more details about all required privileges for the storage user, see vSphere Cloud Provider documentation.

    The storage user privileges

    Privilege

    Permission

    Cloud Native Storage

    Searchable

    Content library

    View configuration settings

    Datastore

    • Allocate space

    • Browse datastore

    • Low level file operations

    • Remove file

    Folder

    • Create folder

    Host configuration

    • Storage partition configuration

    Host local operations

    • Create virtual machine

    • Delete virtual machine

    • Reconfigure virtual machine

    Host profile

    View

    Profile-driven storage

    Profile-driven storage view

    Resource

    Assign virtual machine to resource pool

    Scheduled task

    • Create tasks

    • Modify task

    • Run task

    Sessions

    • Validate session

    • View and stop sessions

    Storage views

    View
    Virtual machine permissions

    Privilege

    Permission

    Change configuration

    • Add existing disk

    • Add new disk

    • Add or remove device

    • Advanced configuration

    • Change CPU count

    • Change Memory

    • Change Settings

    • Configure managedBy

    • Extend virtual disk

    • Remove disk

    • Rename

    Inventory

    • Create from existing

    • Create new

    • Remove

  4. For RHEL deployments, if you do not have a RHEL machine with the virt-who service configured to report the vSphere environment configuration and hypervisors information to RedHat Customer Portal or RedHat Satellite server, set up the virt-who service inside the Container Cloud machines for a proper RHEL license activation.

    Create a virt-who user with at least read-only access to all objects in the vCenter Data Center.

    The virt-who service on RHEL machines will be provided with the virt-who user credentials to properly manage RHEL subscriptions.

    For details on how to create the virt-who user, refer to the official RedHat Customer Portal documentation.

Now, proceed to Bootstrap a management cluster.