Next Steps

Post-installation configuration tasks
You're viewing a development version of manager, the latest released version is v1.4.1

Page not available in that version

The current page Next Steps doesn't exist in version v1.4.1 of the documentation for this product.
We can take you to the closest parent section instead: /docs/acd/components/manager/v1.4.1/installation/

Overview

After completing the installation of the AgileTV CDN Manager (ESB3027), several post-installation configuration tasks must be performed before the system is ready for production use. This guide walks you through the essential next steps.

Prerequisites

Before proceeding, ensure:

  • The CDN Manager Helm chart is successfully deployed
  • All pods are in Running status
  • You have network access to the cluster hostname or IP
  • You have the default credentials available

Step 1: Access Zitadel Console

The first step is to configure user authentication through Zitadel Identity and Access Management (IAM).

  1. Navigate to the Zitadel Console:

    https://<manager-host>/ui/console

    Replace <manager-host> with your configured hostname (e.g., manager.local or manager.example.com).

    Important: The <manager-host> must match the first entry in global.hosts.manager from your Helm values exactly. Zitadel uses name-based virtual hosting and CORS validation. If the hostname does not match, authentication will fail.

  2. Log in with the default administrator credentials (also listed in the Glossary):

    • Username: admin@agiletv.dev
    • Password: Password1!

  3. Important: If prompted to configure Multi-Factor Authentication (MFA), you must skip this step for now. MFA is not currently supported. Attempting to configure MFA may lock you out of the administrator account.

  4. Security Recommendation: After logging in, create a new administrator account with proper roles. Once verified, disable or delete the default admin@agiletv.dev account. For details on required roles and administrator permissions, see Zitadel’s Administrator Documentation.

Zitadel requires an SMTP server to send email notifications and perform email validations.

  1. In the Zitadel Console, navigate to Settings > Default Settings

  2. Configure the SMTP settings:

    • SMTP Host: Your mail server hostname
    • SMTP Port: Typically 587 (TLS) or 465 (SSL)
    • SMTP Username: Mail account username
    • SMTP Password: Mail account password
    • Sender Address: Email address for outgoing mail (e.g., noreply@example.com)

  3. Save the configuration

Note: Without SMTP configuration, email-based user validation and password recovery features will not function.

Step 3: Create Additional User Accounts

Create user accounts for operators and administrators:

Tip: For detailed guidance on managing users, roles, and permissions in the Zitadel Console, see Zitadel’s User Management Documentation.

  1. In the Zitadel Console, navigate to Users > Add User

  2. Fill in the user details:

    • Username: Unique username
    • First Name: User’s first name
    • Last Name: User’s last name
    • Email: User’s email address (this is their login username)

    Known Issue: Due to a limitation in this release of Zitadel, the username must match the local part (the portion before the @) of the email address. For example, if the email is foo@example.com, the username must be foo.

    If these do not match, Zitadel may allow login with the mismatched local part while blocking the full email address. For instance, if username is foo but email is foo.bar@example.com, login with foo@example.com may succeed while foo.bar@example.com is blocked.

    Workaround: Always ensure the username matches the email local part exactly.

  3. Important: The following options must be configured:

    • Email Verified: Check this box to skip email verification
    • Set Initial Password: Enter a temporary password for the user

    Note: If you configured SMTP settings in Step 2, the user will receive an email asking to verify their address and set their initial password. If SMTP is not configured, you must check the “Email Verified” box and set an initial password manually, otherwise the user account will not be enabled.

  4. Click Create User

  5. Provide the user with:

    • Their username
    • The temporary password (if set manually)
    • The Zitadel Console URL

  6. Instruct the user to change their password on first login

Step 4: Configure User Roles and Permissions

Zitadel manages roles and permissions for accessing the CDN Manager:

  1. In the Zitadel Console, navigate to Roles

  2. Assign appropriate roles to users:

    • Admin: Full administrative access
    • Operator: Operational access without administrative functions
    • Viewer: Read-only access

  3. To assign a role:

    • Select the user
    • Click Add Role
    • Select the appropriate role
    • Save the assignment

Step 5: Access the MIB Frontend

The MIB Frontend is the web-based configuration GUI for CDN operators:

  1. Navigate to the MIB Frontend:

    https://<manager-host>/gui

  2. Log in using your Zitadel credentials

  3. Verify you can access the configuration interface

Step 6: Verify API Access

Test API connectivity to ensure the system is functioning:

curl -k https://<manager-host>/api/v1/health/ready

Expected response:

{
  "status": "ready"
}

See the API Guide for detailed API documentation.

Step 7: Configure TLS Certificates (If Not Done During Installation)

For production deployments, a valid TLS certificate from a trusted Certificate Authority should be configured. If you did not configure TLS certificates during installation, refer to Step 12: Configure TLS Certificates in the Installation Guide.

Step 8: Set Up Monitoring and Alerting

Configure monitoring dashboards and alerting:

  1. Access Grafana:

    • Navigate to https://<manager-host>/grafana
    • Log in with default credentials (also listed in the Glossary):
      • Username: admin
      • Password: edgeware

  2. Review Pre-built Dashboards:

    • System health dashboards are included by default
    • CDN metrics dashboards show routing and usage statistics

    Note: CDN Director instances automatically have DNS names configured for use in Grafana dashboards. The DNS name is derived from the name field in global.hosts.routers with .external appended. For example, a router named my-router-1 will have the DNS name my-router-1.external in Grafana configuration.

Step 9: Verify Kafka and PostgreSQL Health

Ensure the data layer components are healthy:

kubectl get pods

Verify the following pods are running:

ComponentPod Name PatternExpected Status
Kafkaacd-manager-kafka-controller-*Running (3 pods for production)
PostgreSQLacd-cluster-postgresql-0, acd-cluster-postgresql-1, acd-cluster-postgresql-2Running (3-node HA cluster)
Redisacd-manager-redis-master-*Running

All pods should show Running status with no restarts.

Step 10: Configure Availability Zones (Optional)

For improved network performance, configure availability zones to enable Topology Aware Hints. This optimizes service-to-pod routing by keeping traffic within the same zone when possible.

See the Performance Tuning Guide for detailed instructions on:

  • Labeling nodes with zone and region topology
  • Verifying topology configuration
  • Requirements for Topology Aware Hints to activate
  • Integration with pod anti-affinity rules

Note: This step is optional. If zone labels are not configured, the system will fall back to random load-balancing.

Step 11: Review System Configuration

Verify the initial configuration:

  1. Review Helm Values:

    helm get values acd-manager -o yaml

  2. Check Ingress Configuration:

    kubectl get ingress

  3. Verify Service Endpoints:

    kubectl get endpoints

Step 12: Document Your Deployment

Maintain documentation for your deployment:

  • Cluster hostname and IP addresses
  • Configuration file locations
  • User accounts and roles created
  • TLS certificate expiration dates
  • Backup procedures and schedules
  • Monitoring and alerting contacts

Next Steps

After completing post-installation configuration:

  1. Configuration Guide - Detailed system configuration options
  2. Operations Guide - Day-to-day operational procedures
  3. Metrics & Monitoring Guide - Comprehensive monitoring setup
  4. API Guide - REST API reference and integration examples

Troubleshooting

Cannot Access Zitadel Console

  • Verify DNS resolution or hosts file configuration
  • Check that Traefik ingress is running: kubectl get pods -n kube-system | grep traefik
  • Review Traefik logs: kubectl logs -n kube-system -l app.kubernetes.io/name=traefik

Authentication Failures

  • Verify Zitadel pods are healthy: kubectl get pods | grep zitadel
  • Check Zitadel logs: kubectl logs <zitadel-pod-name>
  • Ensure the external domain matches your hostname in Zitadel configuration

MIB Frontend Not Loading

  • Verify MIB Frontend pods are running: kubectl get pods | grep mib-frontend
  • Check for connectivity issues to Confd and API services
  • Review browser console for JavaScript errors

API Returns 401 Unauthorized

  • Verify you have a valid bearer token
  • Check token expiration
  • Ensure Zitadel authentication is functioning

For additional troubleshooting assistance, refer to the Troubleshooting Guide.