BareMetalHostCredential resource

This section describes the BareMetalHostCredential custom resource (CR) used in the management API for MOSK. The BareMetalHostCredential object is created for each BareMetalHostInventory and contains all information about the Baseboard Management Controller (bmc) credentials.

Note
Before update of the management cluster to Container Cloud 2.29.0 (Cluster release 16.4.0), instead of BareMetalHostInventory, use the BareMetalHost object. For details, see BareMetalHost resource.

Caution
While the Cluster release of the management cluster is 16.4.0, BareMetalHostInventory operations are allowed to m:kaas@management-admin only. This limitation is lifted once the management cluster is updated to the Cluster release 16.4.1 or later.

Warning
The kubectl apply command automatically saves the applied data as plain text into the kubectl.kubernetes.io/last-applied-configuration annotation of the corresponding object. This may result in revealing sensitive data in this annotation when creating or modifying the object.

Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.

If you used kubectl apply on this object, you can remove the kubectl.kubernetes.io/last-applied-configuration annotation from the object using kubectl edit.

For demonstration purposes, the BareMetalHostCredential CR can be split into the following sections:

BareMetalHostCredential metadata

The BareMetalHostCredential metadata contains the following fields:

- apiVersion: API version of the object that is kaas.mirantis.com/v1alpha1
- kind: Object type that is BareMetalHostCredential
- metadata: The metadata field contains the following subfields:
  - name: Name of the BareMetalHostCredential object
  - namespace: Project in which the related BareMetalHostInventory object is created
  - labels: Labels used by the bare metal provider:
    - kaas.mirantis.com/region: Region name

      Note
      The kaas.mirantis.com/region label is removed from all MOSK objects in 24.1. Therefore, do not add the label starting with this release. On existing clusters updated to this release, or if added manually, MOSK ignores this label.

BareMetalHostCredential configuration

The spec section for the BareMetalHostCredential object contains sensitive information that is moved to a separate Secret object during cluster deployment:

- username: User name of the bmc account with administrator privileges to control the power state and boot source of the bare metal host
- password: Details on the user password of the bmc account with administrator privileges:
  - value: Password that will be automatically removed once saved in a separate Secret object
  - name: Name of the Secret object where credentials are saved

The BareMetalHostCredential object creation triggers the following automatic actions:

1. Create an underlying Secret object containing data about username and password of the bmc account of the related BareMetalHostCredential object.
2. Erase sensitive password data of the bmc account from the BareMetalHostCredential object.
3. Add the created Secret object name to the spec.password.name section of the related BareMetalHostCredential object.
4. Update BareMetalHostInventory.spec.bmc.bmhCredentialsName with the BareMetalHostCredential object name.

   Note
   Before Container Cloud 2.29.0 (Cluster releases 17.4.0 and 16.4.0), BareMetalHost.spec.bmc.credentialsName was updated with the BareMetalHostCredential object name.

Note
When you delete a BareMetalHostInventory object, the related BareMetalHostCredential object is deleted automatically.

Note
On existing clusters, a BareMetalHostCredential object is automatically created for each BareMetalHostInventory object during a cluster update.

Example of BareMetalHostCredential before the cluster deployment starts:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
spec:
  username: admin
  password:
    value: superpassword

Example of BareMetalHostCredential created during cluster deployment:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
spec:
  username: admin
  password:
    name: secret-cv98n7c0vb9
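
The following check is an added example, not part of the original page or of the product's code. It audits BareMetalHostCredential objects for the two exposure cases described above: a password left in the kubectl.kubernetes.io/last-applied-configuration annotation after kubectl apply, and a spec.password.value that has not been erased. It assumes the input is the JSON list that kubectl get returns with -o json for these objects; the function names and the sample objects are constructed for illustration.

```python
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

def audit_credential(obj):
    """Return findings for one BareMetalHostCredential object (parsed JSON)."""
    findings = []
    password = (obj.get("spec") or {}).get("password") or {}
    # The value is expected to be erased once the separate Secret exists.
    if password.get("value"):
        findings.append("spec.password.value holds a plain-text password")
    if not password.get("name"):
        findings.append("spec.password.name is empty, no Secret referenced")
    # kubectl apply copies the whole applied manifest into this annotation.
    annotations = (obj.get("metadata") or {}).get("annotations") or {}
    raw = annotations.get(LAST_APPLIED)
    if raw is not None:
        try:
            leaked = bool(json.loads(raw)["spec"]["password"].get("value"))
        except (ValueError, KeyError, TypeError, AttributeError):
            leaked = False
        findings.append("last-applied annotation contains a plain-text password"
                        if leaked else "last-applied annotation present")
    return findings

def audit_list(doc):
    """Map 'namespace/name' to findings for each flagged object in a List."""
    report = {}
    for item in doc.get("items", []):
        meta = item.get("metadata") or {}
        findings = audit_credential(item)
        if item.get("kind") == "BareMetalHostCredential" and findings:
            report["%s/%s" % (meta.get("namespace"), meta.get("name"))] = findings
    return report

def _cred(name, password, annotations=None):
    # Builds one constructed sample object; names and values are made up.
    return {"kind": "BareMetalHostCredential",
            "metadata": {"name": name, "namespace": "default",
                         "annotations": annotations},
            "spec": {"username": "admin", "password": password}}

# Constructed sample shaped like a `kubectl get ... -o json` list.
_applied = json.dumps(_cred("applied-host", {"value": "example-only"}))
SAMPLE = {"kind": "List", "items": [
    _cred("clean-host", {"name": "secret-aaa"}),
    _cred("applied-host", {"name": "secret-bbb"}, {LAST_APPLIED: _applied}),
    _cred("pending-host", {"value": "example-only"}),
]}
```

To audit a real cluster, pass the parsed JSON output of kubectl get for this resource to audit_list. An object that has not yet been processed by the deployment reports both spec findings, which is expected until the Secret is created.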