OpenStackCredential¶
This section describes the OpenStackCredential
custom resource (CR)
used in Mirantis Container Cloud API. It contains all required details
to connect to a provider backend.
Warning
The kubectl apply command automatically saves the
applied data as plain text into the
kubectl.kubernetes.io/last-applied-configuration
annotation of the
corresponding object. This may result in revealing sensitive data in this
annotation when creating or modifying the object.
Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.
If you used kubectl apply on this object, you
can remove the kubectl.kubernetes.io/last-applied-configuration
annotation from the object using kubectl edit.
For demonstration purposes, the Container Cloud OpenStackCredential
custom resource (CR) can be split into the following sections:
metadata¶
The Container Cloud OpenStackCredential
custom resource (CR) contains the following
fields:
apiVersion
Object API version that is kaas.mirantis.com/v1alpha1.
kind
Object type that is
OpenStackCredential
.
The metadata
object field of the OpenStackCredential
resource contains
the following fields:
name
Name of the
OpenStackCredential
object
namespace
Namespace in which the
OpenStackCredential
object has been created
labels
kaas.mirantis.com/provider
Provider type that matches the provider type in the Cluster object and must be
openstack
kaas.mirantis.com/regional-credential
Must be
true
to useOpenStackCredential
for the management cluster objectsNote
The
kaas.mirantis.com/regional-credential
label is removed from in 2.26.0 (Cluster releases 17.1.0 and 16.1.0). Therefore, do not add the label starting these releases. On existing clusters updated to these releases, or if manually added, this label will be ignored by Container Cloud.
kaas.mirantis.com/region
Region name
Note
The
kaas.mirantis.com/region
label is removed from all Container Cloud objects in 2.26.0 (Cluster releases 17.1.0 and 16.1.0). Therefore, do not add the label starting these releases. On existing clusters updated to these releases, or if manually added, this label will be ignored by Container Cloud.
Warning
Labels and annotations that are not documented in this API Reference are generated automatically by Container Cloud. Do not modify them using the Container Cloud API.
Configuration example:
apiVersion: kaas.mirantis.com/v1alpha1
kind: OpenStackCredential
metadata:
name: demo
namespace: test
labels:
kaas.mirantis.com/regional-credential: "true"
OpenStackCredential configuration¶
The spec
object field of the OpenStackCredential
resource
contains a cloud configuration to use for OpenStack authentication.
It contains the following fields:
auth
authURL
Identity endpoint URL.
password
value
Value of the password. This field is available only when the user creates or changes password. Once the controller detects this field, it updates the password in the secret and removes the
value
field from theOpenStackCredential
object.
secret
Reference to the
Secret
object that contains the password:key
Secret key name
name
Secret name
projectID
Unique ID of a project.
userDomainName
Name of a domain where the user resides.
userName
User name
regionName
Name of an OpenStack region.
CACert
Base64 encoded CA certificate bundle for verification of SSL API requests.
Configuration example:
...
spec:
auth:
authURL: https://container-cloud.ssl.example.com/v3
password:
secret:
key: value
name: cloud-config
projectDomainName: k8s-team
projectID: d67a2680ded144af8bcc91314e560616
projectName: k8s-team
userDomainName: default
userName: k8s-team
regionName: RegionOne