Managing Cloud Credentials
When you create a cluster hosted by an infrastructure provider, node templates are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node.
Node templates can use cloud credentials to access the credential information required to provision nodes in the infrastructure providers. The same cloud credential can be used by multiple node templates. By using a cloud credential, you do not have to re-enter access keys for the same cloud provider. Cloud credentials are stored as Kubernetes secrets.
Cloud credentials are only used by node templates if there are fields marked as password
. The default active
node drivers have their account access fields marked as password
, but there may be some inactive
node drivers, which are not using them yet. These node drivers will not use cloud credentials.
You can create cloud credentials in two contexts:
-
During creation of a node template for a cluster.
-
In the User Settings
Cloud credentials are bound to their creator’s user profile. They cannot be shared between non-admin users. However, admins are able to view and manage the cloud credentials of other users.
Creating a Cloud Credential from User Settings
-
Click ☰ > Cluster Management.
-
Click Cloud Credentials.
-
Click Create.
-
Click a cloud credential type. The values of this dropdown is based on the
active
node drivers in Rancher. -
Enter a name for the cloud credential.
-
Based on the selected cloud credential type, enter the required values to authenticate with the infrastructure provider.
-
Click Create.
Result: The cloud credential is created and can immediately be used to create node templates.
Updating a Cloud Credential
When access credentials are changed or compromised, updating a cloud credential allows you to rotate those credentials while keeping the same node template.
-
Click ☰ > Cluster Management.
-
Click Cloud Credentials.
-
Choose the cloud credential you want to edit and click the ⋮ > Edit Config.
-
Update the credential information and click Save.
Result: The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever new nodes are added.
Deleting a Cloud Credential
In order to delete cloud credentials, there must not be any node template associated with it. If you are unable to delete the cloud credential, delete any node templates that are still associated to that cloud credential.
-
Click ☰ > Cluster Management.
-
Click Cloud Credentials.
-
You can either individually delete a cloud credential or bulk delete.
-
To individually delete one, choose the cloud credential you want to edit and click the ⋮ > Delete.
-
To bulk delete cloud credentials, select one or more cloud credentials from the list. Click Delete.
-
-
Confirm that you want to delete these cloud credentials.