BareMetalHostCredential¶
Available since 2.21.0 and 2.21.1 for MOSK 22.5
This section describes the BareMetalHostCredential
custom resource (CR)
used in the Mirantis Container Cloud API. The BareMetalHostCredential
object is created for each BareMetalHost
and contains all information
about the Baseboard Management Controller (bmc
) credentials.
Warning
The kubectl apply command automatically saves the
applied data as plain text into the
kubectl.kubernetes.io/last-applied-configuration
annotation of the
corresponding object. This may result in revealing sensitive data in this
annotation when creating or modifying the object.
Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.
If you used kubectl apply on this object, you
can remove the kubectl.kubernetes.io/last-applied-configuration
annotation from the object using kubectl edit.
For demonstration purposes, the BareMetalHostCredential
CR can be split
into the following sections:
BareMetalHostCredential metadata¶
The BareMetalHostCredential
metadata contains the following fields:
apiVersion
API version of the object that is
kaas.mirantis.com/v1alpha1
kind
Object type that is
BareMetalHostCredential
metadata
The metadata field contains the following subfields:
name
Name of the
BareMetalHostCredential
object
namespace
Container Cloud project in which the related
BareMetalHost
object was created
labels
Labels used by the bare metal provider:
kaas.mirantis.com/region
Region name
Note
The
kaas.mirantis.com/region
label is removed from all Container Cloud objects in 2.26.0 (Cluster releases 17.1.0 and 16.1.0). Therefore, do not add the label starting these releases. On existing clusters updated to these releases, or if manually added, this label will be ignored by Container Cloud.
BareMetalHostCredential configuration¶
The spec
section for the BareMetalHostCredential
object contains
sensitive information that is moved to a separate
Secret
object during cluster deployment:
username
User name of the
bmc
account with administrator privileges to control the power state and boot source of the bare metal host
password
Details on the user password of the
bmc
account with administrator privileges:value
Password that will be automatically removed once saved in a separate
Secret
object
name
Name of the
Secret
object where credentials are saved
The BareMetalHostCredential
object creation triggers the following
automatic actions:
Create an underlying
Secret
object containing data aboutusername
andpassword
of thebmc
account of the relatedBareMetalHostCredential
object.Erase sensitive
password
data of thebmc
account from theBareMetalHostCredential
object.Add the created
Secret
object name to thespec.password.name
section of the relatedBareMetalHostCredential
object.Update
BareMetalHost.spec.bmc.credentialsName
with theBareMetalHostCredential
object name.
Note
When you delete a BareMetalHost
object, the related
BareMetalHostCredential
object is deleted automatically.
Note
On existing clusters, a BareMetalHostCredential
object is
automatically created for each BareMetalHost
object during a cluster
update.
Example of BareMetalHostCredential
before the cluster deployment starts:
apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
name: hw-master-0-credetnials
namespace: default
spec:
username: admin
password:
value: superpassword
Example of BareMetalHostCredential
created during cluster deployment:
apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
name: hw-master-0-credetnials
namespace: default
spec:
username: admin
password:
name: secret-cv98n7c0vb9