Access the Keycloak Admin Console

Using the Keycloak Admin Console you can:

• Create or delete a user

• Grant or revoke roles to or from a user. The Keycloak administrator is responsible for assigning roles to users depending on the level of access they need in Container Cloud

Use the following credentials to access the Keycloak Admin Console:

• The console URL is outputted when the management cluster bootstrap completes. To obtain the URL:

  kubectl get cluster <mgmtClusterName>  -o=jsonpath='{.status.providerStatus.helm.releases.iam.keycloak.url}'
  

• The user name is keycloak by default.

• The password is located in passwords.yaml generated during bootstrap.

  You can also obtain the password from the iam-api-secrets secret in the kaas namespace of the management cluster and decode the content of the keycloak_password key:

  kubectl get secret iam-api-secrets -n kaas -o=jsonpath='{.data.keycloak_password}' | base64 -d