By default there is no root user set. A default user (c3os) is created and can use sudo without password authentication during LiveCD bootup.
On all nodes of the cluster it’s possible to invoke c3os get-kubeconfig to recover the kubeconfig file
Network tokens can be used to connect to the VPN created by the cluster. They are indeed tokens of edgevpn networks, and thus can be used to connect to with its CLI.
The c3os CLI can be used to connect as well, with the bridge command:
sudo c3os bridge --network-token <TOKEN>
The command needs root permissions as it sets up a local tun interface to connect to the VPN.
Afterward you can connect to localhost:8080 to access the network API and verify machines are connected.
See edgeVPN documentation on how to connect to the VPN with the edgeVPN cli, which is similar:
EDGEVPNTOKEN=<network_token> edgevpn --dhcp
c3os node at first boot will start the c3os-agent service, you can always check what’s happening by running journalctl -fu c3os-agent.
This service will setup k3s and edgevpn dynamically on first-boot, once it configures the machine it does not run on boot anymore, unless /usr/local/.c3os/deployed is removed..
Those are the steps executed in sequence by the c3os-agent service:
edgevpn@c3os service and enabled on start. The configuration for the connection is stored in /etc/systemd/system.conf.d/edgevpn-c3os.env and depends on the cloud-init configuration file provided during installation timek3s or k3s-agent service. Configuration for each service is stored in /etc/sysconfig/k3s and /etc/sysconfig/k3s-agent respectively