BareMetalHostCredential

Available since 2.21.0 and 2.21.1 for MOSK 22.5

This section describes the BareMetalHostCredential custom resource (CR) used in the Mirantis Container Cloud API. The BareMetalHostCredential object is created for each BareMetalHost and contains all information about the Baseboard Management Controller (bmc) credentials.

Warning

The kubectl apply command automatically saves the applied data as plain text into the kubectl.kubernetes.io/last-applied-configuration annotation of the corresponding object. This may result in revealing sensitive data in this annotation when creating or modifying the object.

Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.

If you used kubectl apply on this object, you can remove the kubectl.kubernetes.io/last-applied-configuration annotation from the object using kubectl edit.

For demonstration purposes, the BareMetalHostCredential CR can be split into the following sections:

BareMetalHostCredential metadata

The BareMetalHostCredential metadata contains the following fields:

  • apiVersion

    API version of the object that is kaas.mirantis.com/v1alpha1

  • kind

    Object type that is BareMetalHostCredential

  • metadata

    The metadata field contains the following subfields:

    • name

      Name of the BareMetalHostCredential object

    • namespace

      Container Cloud project in which the related BareMetalHost object was created

    • labels

      Labels used by the bare metal provider:

      • kaas.mirantis.com/region

        Region name

        Note

        The kaas.mirantis.com/region label is removed from all Container Cloud objects in 2.26.0 (Cluster releases 17.1.0 and 16.1.0). Therefore, do not add the label starting these releases. On existing clusters updated to these releases, or if manually added, this label will be ignored by Container Cloud.

BareMetalHostCredential configuration

The spec section for the BareMetalHostCredential object contains sensitive information that is moved to a separate Secret object during cluster deployment:

  • username

    User name of the bmc account with administrator privileges to control the power state and boot source of the bare metal host

  • password

    Details on the user password of the bmc account with administrator privileges:

    • value

      Password that will be automatically removed once saved in a separate Secret object

    • name

      Name of the Secret object where credentials are saved

The BareMetalHostCredential object creation triggers the following automatic actions:

  1. Create an underlying Secret object containing data about username and password of the bmc account of the related BareMetalHostCredential object.

  2. Erase sensitive password data of the bmc account from the BareMetalHostCredential object.

  3. Add the created Secret object name to the spec.password.name section of the related BareMetalHostCredential object.

  4. Update BareMetalHost.spec.bmc.credentialsName with the BareMetalHostCredential object name.

Note

When you delete a BareMetalHost object, the related BareMetalHostCredential object is deleted automatically.

Note

On existing clusters, a BareMetalHostCredential object is automatically created for each BareMetalHost object during a cluster update.

Example of BareMetalHostCredential before the cluster deployment starts:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
spec:
  username: admin
  password:
    value: superpassword

Example of BareMetalHostCredential created during cluster deployment:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
spec:
  username: admin
  password:
    name: secret-cv98n7c0vb9