Pre-provisioned Create Secrets and Overrides

Create necessary secrets and overrides for pre-provisioned clusters. Most applications deployed through Kubernetes require access to databases, services, and other resources located externally. The easiest way to manage the login information necessary to access those resources is using secrets in order to help organize and distribute sensitive information across a cluster while minimizing the risk of sensitive information exposure.

DKP requires SSH access to your infrastructure with superuser privileges. You must provide an unencrypted SSH private key to DKP so secrets are a good way to achieve this. Populate the key and create the required secret, on your bootstrap cluster using the following procedure.

Create a Unique Cluster Name

Give your cluster a unique name suitable for your environment.

Set the environment variable to be used throughout this procedure:

export CLUSTER_NAME=preprovisioned-example

(Optional) If you want to create a unique cluster name, use this command. This creates a unique name every time you run it, so use it carefully.

export CLUSTER_NAME=preprovisioned-example-$(LC_CTYPE=C tr -dc 'a-z0-9' </dev/urandom | fold -w 5 | head -n1)
echo $CLUSTER_NAME

preprovisioned-example-pf4a3

Create a Secret

Create a secret that contains the SSH key with these commands:

export SSH_PRIVATE_KEY_FILE="<path-to-ssh-private-key>" 

export SSH_PRIVATE_KEY_SECRET_NAME=$CLUSTER_NAME-ssh-key

kubectl create secret generic ${SSH_PRIVATE_KEY_SECRET_NAME} --from-file=ssh-privatekey=${SSH_PRIVATE_KEY_FILE}
kubectl label secret ${SSH_PRIVATE_KEY_SECRET_NAME} clusterctl.cluster.x-k8s.io/move=

secret/preprovisioned-example-ssh-key created
secret/preprovisioned-example-ssh-key labeled

Create Overrides

In these steps, you will point your machines at the desired Registry to obtain the container images. If your pre-provisioned machines need to have Custom Override Files, create a secret that includes all the overrides you want to provide in one file.

1. Example CentOS7 and Docker:
   If you want to provide an override with Docker credentials and a different source for EPEL on a CentOS7 machine, you should create a file like this:

   CODE

   cat > overrides.yaml << EOF 
   image_registries_with_auth:
   - host: "registry-1.docker.io"
     username: "my-user"
     password: "my-password"
     auth: ""
     identityToken: ""
   
   epel_centos_7_rpm: https://my-rpm-repostory.org/epel/epel-release-latest-7.noarch.rpm
   EOF

   You can then create the related secret by running the following command:

   CODE

   kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=overrides.yaml=overrides.yaml
   kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

2. Example:
   When using Oracle 7 OS, you may wish to deploy the RHCK kernel instead of the default UEK kernel. To do so, add the following text to your overrides.yaml:

   CODE

   cat > overrides.yaml << EOF 
   ---
   oracle_kernel: RHCK
   EOF

   You can then create the related secret by running the following command:

   CODE

   kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=overrides.yaml=overrides.yaml
   kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

Related Topic

Pre-provisioned FIPS Create Secrets and Overrides

Next Topic

Pre-provisioned Define Control Plane Endpoint

If none of the customizations apply, continue to installation instructions for your environment:

• Pre-provisioned Install in a Non-air-gapped Environment
  OR

• Pre-provisioned Install in an Air-gapped Environment