VsphereCredential

This section describes the VsphereCredential custom resource (CR) used in Mirantis Container Cloud API. It contains all information necessary to connect to a provider back end.

Warning

The kubectl apply command automatically saves the applied data as plain text into the kubectl.kubernetes.io/last-applied-configuration annotation of the corresponding object. This may result in revealing sensitive data in this annotation when creating or modifying the object.

Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.

If you used kubectl apply on this object, you can remove the kubectl.kubernetes.io/last-applied-configuration annotation from the object using kubectl edit.

For demonstration purposes, the Container Cloud VsphereCredential custom resource (CR) can be split into the following sections:

Warning

The fields in this resource are available for viewing only. They are automatically generated by the vSphere cloud provider and must not be modified using the Container Cloud API.

metadata

The Container Cloud VsphereCredential custom resource (CR) contains the following fields:

  • apiVersion

    Object API version that is kaas.mirantis.com/v1alpha1.

  • kind

    Object type that is VsphereCredential.

The metadata object field of the VsphereCredential resource contains the following fields:

  • name

    Name of the VsphereCredential object

  • namespace

    Container Cloud project in which the VsphereCredential object has been created

  • labels
    • kaas.mirantis.com/regional-credential

      Must be true to use VsphereCredential for the management cluster

      Note

      The kaas.mirantis.com/regional-credential label is removed from in 2.26.0 (Cluster releases 17.1.0 and 16.1.0). Therefore, do not add the label starting these releases. On existing clusters updated to these releases, or if manually added, this label will be ignored by Container Cloud.

    • kaas.mirantis.com/region

      Region name

      Note

      The kaas.mirantis.com/region label is removed from all Container Cloud objects in 2.26.0 (Cluster releases 17.1.0 and 16.1.0). Therefore, do not add the label starting these releases. On existing clusters updated to these releases, or if manually added, this label will be ignored by Container Cloud.

Configuration example:

apiVersion: kaas.mirantis.com/v1alpha1
kind: VsphereCredential
metadata:
  name: demo
  namespace: test
  labels:
    kaas.mirantis.com/regional-credential: "true"

VsphereCredential configuration

The spec object field of the VsphereCredential resource contains configuration and authentication details for the vSphere server. It contains the following fields:

  • vsphere

    vSphere server information:

    • server

      IP or host name of the vSphere server.

    • port

      vSphere server port.

    • insecure

      SSL certificate verification for connection. Possible values are false to enable and true to disable verification.

    • datacenter

      vSphere Data center name.

  • clusterApi

    Credentials of the user that manages vSphere virtual machines:

    • username

      Key name in the secret.

    • password

      Reference to the secret that contains the user password.

      • value

        User password.

  • cloudProvider

    Credentials of the user that manages storage and volumes for Kubernetes.

    • username

      Key name in the secret.

    • password

      Reference to the secret that contains the user password.

      • value

        User password.

Configuration example:

...
spec:
  vsphere:
    server: vcenter.server.example.org
    port: "443"
    insecure: true
    datacenter: example
  clusterApi:
    username: vm-user
    password: vm-user-password
  cloudProvider:
    username: storage-user
    password: storage-user-password