Version 1.7. This version is supported as outlined in the Anthos version support policy, offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem). Refer to the release notes for more details. This is the most recent version.

Credentials configuration file

This page describes the fields in a credentials configuration file for Anthos clusters on VMware (GKE on-prem).

You use a credentials configuration file to hold usernames and passwords. Here are some examples of how you would use a credentials configuration file:

  • In your admin cluster configuration file, specify a file that holds credentials for your vCenter server.

  • In your admin cluster configuration file, specify a file that holds credentials for your private Docker registry.

Template

Keeping credentials in a file that is separate from your cluster configuration file helps to limit the number of people who have access to the credentials.

Filling in the fields in a credentials configuration file

In your credentials configuration file, enter fields values as described in this section.

items

Array of objects, each of which holds a username and password.

items[0].name

String. A name of your choice for the object. For example:

items:
- name: "vcenter-creds"

items[0].username

String. A username. For example:

items:
- name: "vcenter-creds"
  username: "my-vcenter-account"

items[0].password

String. A password. For example:

items:
- name: "vcenter-creds"
  passwords: "U$icUKEW#INE"

Example of a credentials configuration file

Here's an example of a credentials configuration file that holds three sets of credentials.

apiVersion: v1
kind: "CredentialFile"
items:
- name: "vcenter-creds"
  username: "my-vcenter-account"
  password: "U$icUKEW#INE"
- name: "f5-creds"
  username: "my-f5-account"
  password: "exvQVx^@L%F1"
- name: "private-registry-creds"
  username: "my-registry-account"
  password: "kIJGS&uRm2Vh"

Notice that each block of credentials has a name. In your admin cluster configuration file, you specify the name of a credentials block in a fileRef.entry field.

Here's an example that shows portions of an admin cluster configuration file. You can see that the file specifies three blocks of credentials, all of which are in the same credentials file:

vCenter:
  credentials:
    fileRef:
      path: "my-folder/my-creds.yaml"
      entry: "vcenter-creds"
...
loadBalancer:
  f5BigIP:
    credentials:
      fileRef:
        path: "my-folder/my-creds.yaml"
        entry: "f5-creds"
...
privateRegistry:
  credentials:
    fileRef:
      path: "my-folder/my-creds.yaml"
      entry: "private-registry-creds"