Finalize the bootstrap

  1. Run the bootstrap script:

    ./bootstrap.sh all
    
    • In case of deployment issues, refer to Troubleshooting and inspect logs.

    • If the script fails for an unknown reason:

      1. Run the cleanup script:

        ./bootstrap.sh cleanup
        
      2. Rerun the bootstrap script.

  2. When the bootstrap is complete, collect and save the following management cluster details in a secure location:

    • The kubeconfig file located in the same directory as the bootstrap script. This file contains the admin credentials for the management cluster.

    • The private ssh_key file for access to the management cluster nodes, located in the same directory as the bootstrap script.

      Note

      If the initial version of your Container Cloud management cluster was earlier than 2.6.0, ssh_key is named openstack_tmp and is located at ~/.ssh/.

    • The URL for the Container Cloud web UI.

      To create users with permissions required for accessing the Container Cloud web UI, see Create initial users after a management cluster bootstrap.

    • The StackLight endpoints. For details, see Access StackLight web UIs.

    • The Keycloak URL that the system outputs when the bootstrap completes. The admin password for Keycloak is located in kaas-bootstrap/passwords.yml along with other IAM passwords.

    Note

    The Container Cloud web UI and StackLight endpoints are available through Transport Layer Security (TLS) and communicate with Keycloak to authenticate users. Keycloak is exposed using HTTPS and self-signed TLS certificates that are not trusted by web browsers.

    To use your own TLS certificates for Keycloak, refer to Configure TLS certificates for management cluster applications.

    Note

    When the bootstrap is complete, the bootstrap cluster resources are freed up.

  3. Establish a connection to the cluster private network:

    1. Install sshuttle.

    2. Obtain the cluster CIDR from the cluster specification:

      kubectl --kubeconfig <clusterKubeconfig> \
      get cluster <clusterName> -n <clusterProjectName> \
      -o jsonpath='{.spec.providerSpec.value.network.cidr}'
      
    3. Obtain the public IP address of the related Equinix Metal router:

      1. Log in to the Equinix Metal console of the related project.

      2. In the list of servers, capture the IP address of the related Equinix Metal router server listed in the IPV4 ADDRESS column.

    4. Establish a connection to the cluster private network from your local machine:

      sshuttle <clusterCIDR> -r ubuntu@<routerPublicIP> --ssh-cmd 'ssh -i <pathToRouterSSHKey>'
      

    Now, you can access the Keycloak, StackLight, and Container Cloud web UIs.

  4. Follow the remaining steps in the Container Cloud on Terraform templates instruction.
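
For step 2, one way to gather the listed credential files into a directory that only your user can read. This is an added example, not part of Container Cloud or its bootstrap tooling; the function name, the destination directory, and the assumption that passwords.yml sits in the bootstrap directory (kaas-bootstrap) are illustrative.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the product).
# Usage: collect_bootstrap_secrets <bootstrapDir> <destDir>
# Returns 0 if all three files were copied, 1 if any is missing, 2 on setup error.
collect_bootstrap_secrets() {
    src=$1
    dest=$2
    missing=0

    # Create the destination and every copy without group/other access.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" && chmod 700 "$dest" || { umask "$old_umask"; return 2; }

    # Clusters first deployed before 2.6.0 keep the node key in ~/.ssh/openstack_tmp.
    key="$src/ssh_key"
    [ -f "$key" ] || key="$HOME/.ssh/openstack_tmp"

    for f in "$src/kubeconfig" "$key" "$src/passwords.yml"; do
        if [ -f "$f" ]; then
            # Copy, then force owner-only permissions even if the target existed.
            cp "$f" "$dest/" && chmod 600 "$dest/$(basename "$f")" || missing=1
        else
            echo "missing: $f" >&2
            missing=1
        fi
    done

    # Record checksums so a later restore can be verified (skipped if sha256sum is absent).
    if command -v sha256sum >/dev/null 2>&1; then
        ( cd "$dest" && {
            for f in kubeconfig ssh_key openstack_tmp passwords.yml; do
                if [ -f "$f" ]; then sha256sum "$f"; fi
            done > SHA256SUMS
            chmod 600 SHA256SUMS
        } )
    fi

    umask "$old_umask"
    return "$missing"
}
```

Call it as `collect_bootstrap_secrets ./kaas-bootstrap ~/mcc-secrets`, then move the resulting directory to your secrets store or encrypted backup.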