BareMetalHostCredential

Available since 2.21.0 for non-MOSK clusters

This section describes the BareMetalHostCredential custom resource (CR) used in the Mirantis Container Cloud API. The BareMetalHostCredential object is created for each BareMetalHost and contains all information about the Baseboard Management Controller (bmc) credentials.

For demonstration purposes, the BareMetalHostCredential CR can be split into the following sections:

BareMetalHostCredential metadata

The BareMetalHostCredential metadata contains the following fields:

  • apiVersion

    API version of the object that is kaas.mirantis.com/v1alpha1

  • kind

    Object type that is BareMetalHostCredential

  • metadata

    The metadata field contains the following subfields:

    • name

      Name of the BareMetalHostCredential object

    • namespace

      Container Cloud project in which the related BareMetalHost object was created

    • labels

      Labels used by the bare metal provider to obtain the matching region:

      • kaas.mirantis.com/region

BareMetalHostCredential configuration

The spec section for the BareMetalHostCredential object contains sensitive information that is moved to a separate Secret object during cluster deployment:

  • username

    User name of the bmc account with administrator privileges to control the power state and boot source of the bare metal host

  • password

    Details on the user password of the bmc account with administrator privileges:

    • value

      Password that will be automatically removed once saved in a separate Secret object

    • name

      Name of the Secret object where credentials are saved

The BareMetalHostCredential object creation triggers the following automatic actions:

  1. Create an underlying Secret object containing data about username and password of the bmc account of the related BareMetalHostCredential object.

  2. Erase sensitive password data of the bmc account from the BareMetalHostCredential object.

  3. Add the created Secret object name to the spec.password.name section of the related BareMetalHostCredential object.

  4. Update BareMetalHost.spec.bmc.credentialsName with the BareMetalHostCredential object name.

Note

When you delete a BareMetalHost object, the related BareMetalHostCredential object is deleted automatically.

Note

On existing clusters, a BareMetalHostCredential object is automatically created for each BareMetalHost object during a cluster update.

Example of BareMetalHostCredential before the cluster deployment starts:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
  labels:
    kaas.mirantis.com/region: region-one
spec:
  username: admin
  password:
    value: superpassword

Example of BareMetalHostCredential created during cluster deployment:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
  labels:
    kaas.mirantis.com/region: region-one
spec:
  username: admin
  password:
    name: secret-cv98n7c0vb9