Create a Kubernetes secret to keep VMS user credentials or authentication token that VAST COSI Driver will use to communicate with the VAST cluster. You need to supply the name of the secret when creating the VAST COSI Driver's Helm chart configuration file.
This Kubernetes secret will be used for all bucket classes defined for the VAST COSI Driver in its Helm chart configuration file. The VAST cluster to connect is specified on the endpoint parameter in the configuration file.
Do either of the following:
Create a Secret with a VMS Authentication Token
Note
VMS authentication tokens are supported with VAST Cluster 5.3 or later.
To create a Kubernetes secret with the VMS user's authentication token:
Create a YAML file with the following content:
apiVersion: v1 kind: Secret metadata: name: <secret name> type: Opaque data: endpoint: <VAST cluster hostname> token: <VMS user's token> sslCert: <path to SSL certificate>Where:
(Required)
nameis the name of the Kubernetes secret.(Required)
endpointsets the hostname FQDN or IP address of the VMS URL of the VAST cluster where you want to provision block volumes.(Required)
tokenis the VMS authentication token of the VMS user to connect to the VAST cluster. The token must be Base64-encoded.(Optional)
sslCertis only required if you are using SSL encryption with a self-signed SSL certificate. It specifies the path to the SSL certificate.
Apply the YAML file:
kubectl apply -f <path to the YAML file>Note
If you are creating the secret in a namespace that is different from the namespace used to install the driver's Helm chart, specify the secret's namespace on the command:
-n <secret's namespace>.
Alternatively, you can create a secret with the following command:
kubectl create secret generic <secret name> \
--from-literal=endpoint='vms.example.com' \
--from-literal=token='<VMS user token>' \
--from-file=ssl_cert='<path to SSL certificate>' \
-n <secret's namespace>For example:
kubectl create secret generic vast-mgmt \
--from-literal=endpoint='vms.example.com' \
--from-literal=token='xxxxxxxxxххххххххххххххххххххххххххххххх' \
--from-file=ssl_cert='VastCerts/RootCA.crt' \
-n secret_namespaceCreate a Secret with VMS User Credentials
To create a Kubernetes secret with VMS user credentials:
Create a YAML file with the following content:
apiVersion: v1 kind: Secret metadata: name: <secret name> type: Opaque data: endpoint: <VAST cluster hostname> username: <VMS user's username> password: <VMS user's password> sslCert: <path to SSL certificate>Where:
(Required)
nameis the name of the Kubernetes secret.(Required)
endpointsets the hostname FQDN or IP address of the VMS URL of the VAST cluster where you want to provision block volumes.(Required)
usernameis the username of the VMS user to connect to the VAST cluster. The username must be Base64-encoded.(Required)
passwordis the password for the VMS user connecting to the VAST cluster. The password must be Base64-encoded.(Optional)
sslCertis only required if you are using SSL encryption with a self-signed SSL certificate. It specifies the path to the SSL certificate.
Apply the YAML file:
kubectl apply -f <path to the YAML file>Note
If you are creating the secret in a namespace that is different from the namespace used to install the driver's Helm chart, specify the secret's namespace on the command:
-n <secret's namespace>.
Alternatively, you can create a secret with the following command:
kubectl create secret generic <secret name> \
--from-literal=endpoint='vms.example.com' \
--from-literal=username='<VMS user's username>' \
--from-literal=password='<VMS user's password>' \
--from-file=ssl_cert='<path to SSL certificate>' \
-n <secret's namespace>For example:
kubectl create secret generic vast-mgmt \
--from-literal=endpoint='vms.example.com' \
--from-literal=username='user1' \
--from-literal=password='xxxxxxxxx' \
--from-file=ssl_cert='VastCerts/RootCA.crt' \
-n secret_namespace