Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

BareMetalHostCredential resource

This section describes the BareMetalHostCredential custom resource (CR) used in the management API for MOSK. The BareMetalHostCredential object is created for each BareMetalHostInventory and contains all information about the Baseboard Management Controller (bmc) credentials.

Note

Before update of the management cluster to 2.29.0 (Cluster release 16.4.0), instead of BareMetalHostInventory, use the BareMetalHost object. For details, see BareMetalHost resource.

Caution

While the Cluster release of the management cluster is 16.4.0, BareMetalHostInventory operations are allowed to m:kaas@management-admin only. This limitation is lifted once the management cluster is updated to the Cluster release 16.4.1 or later.

Warning

The kubectl apply command automatically saves the applied data as plain text into the kubectl.kubernetes.io/last-applied-configuration annotation of the corresponding object. This may result in revealing sensitive data in this annotation when creating or modifying the object.

Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.

If you used kubectl apply on this object, you can remove the kubectl.kubernetes.io/last-applied-configuration annotation from the object using kubectl edit.

For demonstration purposes, the BareMetalHostCredential CR can be split into the following sections:

• BareMetalHostCredential metadata

• BareMetalHostCredential configuration

BareMetalHostCredential metadata

The BareMetalHostCredential metadata contains the following fields:

• apiVersion

  API version of the object that is kaas.mirantis.com/v1alpha1

• kind

  Object type that is BareMetalHostCredential

• metadata

  The metadata field contains the following subfields:

  • name

    Name of the BareMetalHostCredential object

  • namespace

    Project in which the related BareMetalHostInventory object is created

  • labels

    Labels used by the bare metal provider:

    • kaas.mirantis.com/region

      Region name

      Note

      The kaas.mirantis.com/region label is removed from all MOSK objects in 24.1. Therefore, do not add the label starting with this release. On existing clusters updated to this release, or if added manually, MOSK ignores this label.

BareMetalHostCredential configuration

The spec section for the BareMetalHostCredential object contains sensitive information that is moved to a separate Secret object during cluster deployment:

• username

  User name of the bmc account with administrator privileges to control the power state and boot source of the bare metal host

• password

  Details on the user password of the bmc account with administrator privileges:

  • value

    Password that will be automatically removed once saved in a separate Secret object

  • name

    Name of the Secret object where credentials are saved

The BareMetalHostCredential object creation triggers the following automatic actions:

1. Create an underlying Secret object containing data about username and password of the bmc account of the related BareMetalHostCredential object.

2. Erase sensitive password data of the bmc account from the BareMetalHostCredential object.

3. Add the created Secret object name to the spec.password.name section of the related BareMetalHostCredential object.

4. Update BareMetalHostInventory.spec.bmc.bmhCredentialsName with the BareMetalHostCredential object name.

   Note

   Before MOSK 25.1 and MOSK management 2.29.0, BareMetalHost.spec.bmc.credentialsName was updated with the BareMetalHostCredential object name.

Note

When you delete a BareMetalHostInventory object, the related BareMetalHostCredential object is deleted automatically.

Note

On existing clusters, a BareMetalHostCredential object is automatically created for each BareMetalHostInventory object during a cluster update.

Example of BareMetalHostCredential before the cluster deployment starts:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
spec:
  username: admin
  password:
    value: superpassword

Example of BareMetalHostCredential created during cluster deployment:

apiVersion: kaas.mirantis.com/v1alpha1
kind: BareMetalHostCredential
metadata:
  name: hw-master-0-credetnials
  namespace: default
spec:
  username: admin
  password:
    name: secret-cv98n7c0vb9

See also

Change a user name and password for a bare metal host