
Pre-provisioned Create Secrets and Overrides

Create the necessary secrets and overrides for pre-provisioned clusters. Most applications deployed through Kubernetes require access to databases, services, and other resources located externally. The easiest way to manage the login information needed to access those resources is to use secrets, which help organize and distribute sensitive information across a cluster while minimizing the risk of exposing it.

DKP requires SSH access to your infrastructure with superuser privileges. You must provide an unencrypted SSH private key to DKP, and a secret is a good way to do this. Populate the key and create the required secret on your bootstrap cluster using the following procedure.

Create a Unique Cluster Name

Give your cluster a unique name suitable for your environment.

Set the environment variable to be used throughout this procedure:

CODE
export CLUSTER_NAME=preprovisioned-example

(Optional) If you want to create a unique cluster name, use this command. This creates a unique name every time you run it, so use it carefully.

CODE
export CLUSTER_NAME=preprovisioned-example-$(LC_CTYPE=C tr -dc 'a-z0-9' </dev/urandom | fold -w 5 | head -n1)
echo $CLUSTER_NAME
CODE
preprovisioned-example-pf4a3

Create a Secret

Create a secret that contains the SSH key with these commands:

CODE
export SSH_PRIVATE_KEY_FILE="<path-to-ssh-private-key>" 
CODE
export SSH_PRIVATE_KEY_SECRET_NAME=$CLUSTER_NAME-ssh-key
CODE
kubectl create secret generic "${SSH_PRIVATE_KEY_SECRET_NAME}" --from-file=ssh-privatekey="${SSH_PRIVATE_KEY_FILE}"
kubectl label secret "${SSH_PRIVATE_KEY_SECRET_NAME}" clusterctl.cluster.x-k8s.io/move=
CODE
secret/preprovisioned-example-ssh-key created
secret/preprovisioned-example-ssh-key labeled
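
The secret only works if the key file is readable, not exposed to other local users, and unencrypted as DKP requires. The following pre-flight check is an added example, not part of the DKP documentation; `check_ssh_key_for_secret` is a hypothetical helper name, and it assumes `ssh-keygen` from OpenSSH is installed on the machine where you run `kubectl`.

```shell
#!/bin/sh
# Added example (not from the DKP documentation): pre-flight checks for the
# SSH private key before it is stored in the Kubernetes secret.
# check_ssh_key_for_secret is a hypothetical helper name.
# Returns: 0 usable, 1 missing/unreadable, 2 permissions too open,
#          3 passphrase-protected or not a private key, 4 ssh-keygen missing.
check_ssh_key_for_secret() {
    key_file=$1

    if [ ! -f "$key_file" ] || [ ! -r "$key_file" ]; then
        echo "error: $key_file is missing or unreadable" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Anything other than "------" means another local user can access the key.
    mode=$(ls -ldL "$key_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "error: $key_file is accessible to group/other; run chmod 600" >&2
        return 2
    fi

    if ! command -v ssh-keygen >/dev/null 2>&1; then
        echo "error: ssh-keygen not found; cannot inspect the key" >&2
        return 4
    fi

    # Deriving the public key with an empty passphrase (-P "") succeeds only
    # for an unencrypted private key, which is the form DKP needs.
    if ! ssh-keygen -y -P "" -f "$key_file" >/dev/null 2>&1 </dev/null; then
        echo "error: $key_file is passphrase-protected or not a private key" >&2
        return 3
    fi
    return 0
}

# Usage with the variables from this procedure:
#   check_ssh_key_for_secret "$SSH_PRIVATE_KEY_FILE" &&
#     kubectl create secret generic "$SSH_PRIVATE_KEY_SECRET_NAME" \
#       --from-file=ssh-privatekey="$SSH_PRIVATE_KEY_FILE"
```

Because the key is stored unencrypted, anyone who can read this secret in the bootstrap cluster obtains superuser SSH access to the machines, so access to the secret should be limited accordingly.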

Create Overrides

In these steps, you will point your machines at the desired Registry to obtain the container images. If your pre-provisioned machines need to have Custom Override Files, create a secret that includes all the overrides you want to provide in one file.

  1. Example CentOS7 and Docker:
    If you want to provide an override with Docker credentials and a different source for EPEL on a CentOS7 machine, you should create a file like this:

    CODE
    cat > overrides.yaml << EOF 
    image_registries_with_auth:
    - host: "registry-1.docker.io"
      username: "my-user"
      password: "my-password"
      auth: ""
      identityToken: ""
    
    epel_centos_7_rpm: https://my-rpm-repostory.org/epel/epel-release-latest-7.noarch.rpm
    EOF

    You can then create the related secret by running the following command:

    CODE
    kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=overrides.yaml=overrides.yaml
    kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

  2. Example:
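    When using Oracle 7 OS, you may wish to deploy the RHCK kernel instead of the default UEK kernel. To do so, add the following text to your overrides.yaml. The command shown writes a new overrides.yaml and overwrites an existing one, so if you already have an overrides file, add the oracle_kernel line to that file instead: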

    CODE
    cat > overrides.yaml << EOF 
    ---
    oracle_kernel: RHCK
    EOF

    You can then create the related secret by running the following command:

    CODE
    kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=overrides.yaml=overrides.yaml
    kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

Related Topic

Pre-provisioned FIPS Create Secrets and Overrides

Next Topic

Pre-provisioned Define Control Plane Endpoint

If none of the customizations apply, continue to installation instructions for your environment:
