Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!
Now, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.
BareMetalHostCredential resource¶
This section describes the BareMetalHostCredential custom resource (CR)
used in the management API for MOSK. The
BareMetalHostCredential object is created for each
BareMetalHostInventory and contains all information about the Baseboard
Management Controller (bmc) credentials.
Warning
The kubectl apply command automatically saves the
applied data as plain text into the
kubectl.kubernetes.io/last-applied-configuration annotation of the
corresponding object. This may result in revealing sensitive data in this
annotation when creating or modifying the object.
Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.
If you used kubectl apply on this object, you
can remove the kubectl.kubernetes.io/last-applied-configuration
annotation from the object using kubectl edit.
For demonstration purposes, the BareMetalHostCredential CR can be split
into the following sections:
BareMetalHostCredential metadata¶
The BareMetalHostCredential metadata contains the following fields:
apiVersionAPI version of the object that is
kaas.mirantis.com/v1alpha1
kindObject type that is
BareMetalHostCredential
metadataThe metadata field contains the following subfields:
nameName of the
BareMetalHostCredentialobject
namespaceProject in which the related
BareMetalHostInventoryobject is created
labelsLabels used by the bare metal provider:
kaas.mirantis.com/regionRegion name
Note
The
kaas.mirantis.com/regionlabel is removed from all MOSK objects in 24.1. Therefore, do not add the label starting with this release. On existing clusters updated to this release, or if added manually, MOSK ignores this label.
BareMetalHostCredential configuration¶
The spec section for the BareMetalHostCredential object contains
sensitive information that is moved to a separate Secret object during
cluster deployment:
usernameUser name of the
bmcaccount with administrator privileges to control the power state and boot source of the bare metal host
passwordDetails on the user password of the
bmcaccount with administrator privileges:valuePassword that will be automatically removed once saved in a separate
Secretobject
nameName of the
Secretobject where credentials are saved
The BareMetalHostCredential object creation triggers the following
automatic actions:
Create an underlying
Secretobject containing data aboutusernameandpasswordof thebmcaccount of the relatedBareMetalHostCredentialobject.Erase sensitive
passworddata of thebmcaccount from theBareMetalHostCredentialobject.Add the created
Secretobject name to thespec.password.namesection of the relatedBareMetalHostCredentialobject.Update
BareMetalHostInventory.spec.bmc.bmhCredentialsNamewith theBareMetalHostCredentialobject name.Note
Before MOSK 25.1 and MOSK management 2.29.0,
BareMetalHost.spec.bmc.credentialsNamewas updated with theBareMetalHostCredentialobject name.
Note
When you delete a BareMetalHostInventory object, the related
BareMetalHostCredential object is deleted automatically.
Note
On existing clusters, a BareMetalHostCredential object is
automatically created for each BareMetalHostInventory object during a
cluster update.
Example of BareMetalHostCredential before the cluster deployment starts:
apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
name: hw-master-0-credetnials
namespace: default
spec:
username: admin
password:
value: superpassword
Example of BareMetalHostCredential created during cluster deployment:
apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
name: hw-master-0-credetnials
namespace: default
spec:
username: admin
password:
name: secret-cv98n7c0vb9