OpenShift - Machine Config Ignition Files


If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

I like to think of a machine as OpenShift's representation of a virtual machine, such as an Amazon Web Services (AWS) EC2 instance or a VMware virtual machine, and then a Node, and then the pods running on the node. Machine Configs can be used to configure the virtual machine's operating system, for example a Linux systemd service such as sshd, chronyd or NetworkManager.


Machine Configs use Ignition files. The Ignition configuration specification describes the structure and format of Ignition configurations:

https://coreos.github.io/ignition/configuration-v3_4

For example, let's list the secrets in namespace openshift-machine-api. Notice one of the secrets is master-user-data.

~]$ oc get secrets --namespace openshift-machine-api
NAME                                                 TYPE                                  DATA   AGE
builder-dockercfg-9lrwf                              kubernetes.io/dockercfg               1      691d
builder-token-k8hgw                                  kubernetes.io/service-account-token   4      691d
cluster-autoscaler-dockercfg-q7mvr                   kubernetes.io/dockercfg               1      691d
cluster-autoscaler-operator-cert                     kubernetes.io/tls                     2      691d
cluster-autoscaler-operator-dockercfg-9kzd2          kubernetes.io/dockercfg               1      691d
cluster-autoscaler-operator-token-bh7tt              kubernetes.io/service-account-token   4      691d
cluster-autoscaler-token-pckvl                       kubernetes.io/service-account-token   4      691d
cluster-baremetal-operator-dockercfg-vmppw           kubernetes.io/dockercfg               1      691d
cluster-baremetal-operator-tls                       kubernetes.io/tls                     2      691d
cluster-baremetal-operator-token-mqmv5               kubernetes.io/service-account-token   4      691d
cluster-baremetal-webhook-server-cert                kubernetes.io/tls                     2      691d
control-plane-machine-set-operator-dockercfg-4nn2z   kubernetes.io/dockercfg               1      629d
control-plane-machine-set-operator-tls               kubernetes.io/tls                     2      629d
control-plane-machine-set-operator-token-8glh9       kubernetes.io/service-account-token   4      629d
default-dockercfg-gbbxd                              kubernetes.io/dockercfg               1      691d
default-token-ndzch                                  kubernetes.io/service-account-token   4      691d
deployer-dockercfg-b7skj                             kubernetes.io/dockercfg               1      691d
deployer-token-9qtvh                                 kubernetes.io/service-account-token   4      691d
machine-api-controllers-dockercfg-hnl79              kubernetes.io/dockercfg               1      691d
machine-api-controllers-tls                          kubernetes.io/tls                     2      691d
machine-api-controllers-token-66tj5                  kubernetes.io/service-account-token   4      691d
machine-api-operator-dockercfg-cv955                 kubernetes.io/dockercfg               1      691d
machine-api-operator-machine-webhook-cert            kubernetes.io/tls                     2      380d
machine-api-operator-tls                             kubernetes.io/tls                     2      691d
machine-api-operator-token-mdxbg                     kubernetes.io/service-account-token   4      691d
machine-api-operator-webhook-cert                    kubernetes.io/tls                     2      691d
machine-api-termination-handler-dockercfg-r4z4q      kubernetes.io/dockercfg               1      691d
machine-api-termination-handler-token-rgd65          kubernetes.io/service-account-token   4      691d
master-user-data                                     Opaque                                2      691d
master-user-data-managed                             Opaque                                2      691d
vsphere-cloud-credentials                            Opaque                                2      691d
worker-user-data                                     Opaque                                2      691d
worker-user-data-managed                             Opaque                                2      691d


Let's get the JSON of the master-user-data secret. Notice there is a userData key.

~]$ oc get secret master-user-data --namespace openshift-machine-api --output json
{
    "apiVersion": "v1",
    "data": {
        "disableTemplating": "dHJ1ZQo=",
        "userData": "eyJpZ25. . .My4yLjAifX0="
    },
    "kind": "Secret",
    "metadata": {
        "creationTimestamp": "2023-07-07T15:32:27Z",
        "name": "master-user-data",
        "namespace": "openshift-machine-api",
        "resourceVersion": "1978",
        "uid": "f0715bb1-7468-434c-800d-fa04726f80e3"
    },
    "type": "Opaque"
}


The userData key contains the Ignition configuration for the machine's user data, base64 encoded. Decode it and pipe it to jq to read it.

~]$ oc get secret master-user-data --namespace openshift-machine-api --output jsonpath="{.data.userData}" | base64 --decode | jq
{
  "ignition": {
    "config": {
      "merge": [
        {
          "source": "https://10.11.12.13:22623/config/master"
        }
      ]
    },
    "security": {
      "tls": {
        "certificateAuthorities": [
          {
            "source": "data:text/plain;charset=utf-8;base64,LS0tLS1. . .Q0FURS0tLS0tCg=="
          }
        ]
      }
    },
    "version": "3.2.0"
  }
}
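
As an added example (not part of the original article), this Python code performs the same decode on the Secret JSON and checks the two security-relevant fields of the decoded Ignition configuration: that each merge source is fetched over https and that a CA certificate is supplied inline. The function names and both sample Secrets are constructed for illustration, and the PEM body is a placeholder rather than a real certificate.

```python
import base64
import json
from urllib.parse import unquote_to_bytes, urlparse

def decode_data_url(url):
    """Decode an RFC 2397 data: URL (base64 or percent-encoded) to bytes."""
    header, _, payload = url.partition(",")
    return base64.b64decode(payload) if header.endswith(";base64") else unquote_to_bytes(payload)

def review_user_data(secret):
    """Decode .data.userData of a *-user-data Secret and summarise the Ignition config."""
    ign = json.loads(base64.b64decode(secret["data"]["userData"]))["ignition"]
    sources = [m["source"] for m in ign.get("config", {}).get("merge", [])]
    cas = ign.get("security", {}).get("tls", {}).get("certificateAuthorities", [])
    pem_count = 0
    for ca in cas:
        src = ca.get("source", "")
        if src.startswith("data:"):  # inline CA bundle, as in the output above
            pem_count += decode_data_url(src).count(b"-----BEGIN CERTIFICATE-----")
    findings = []
    for s in sources:
        if urlparse(s).scheme != "https":
            findings.append(f"merge source not fetched over https: {s}")
    if sources and pem_count == 0:
        findings.append("no inline CA certificate supplied for the merge source")
    return {"version": ign.get("version"), "merge_sources": sources,
            "ca_certificates": pem_count, "findings": findings}

def make_secret(ignition):
    """Build a constructed Secret object shaped like the oc output on this page."""
    blob = base64.b64encode(json.dumps(ignition).encode()).decode()
    return {"kind": "Secret", "data": {"userData": blob}}

# Constructed sample data: placeholder PEM body, not a real certificate.
PEM = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
CA_URL = "data:text/plain;charset=utf-8;base64," + base64.b64encode(PEM).decode()
GOOD = make_secret({"ignition": {
    "config": {"merge": [{"source": "https://10.11.12.13:22623/config/master"}]},
    "security": {"tls": {"certificateAuthorities": [{"source": CA_URL}]}},
    "version": "3.2.0"}})
BAD = make_secret({"ignition": {  # weak variant: plain http and no CA
    "config": {"merge": [{"source": "http://10.11.12.13:22623/config/master"}]},
    "version": "3.2.0"}})

if __name__ == "__main__":
    for name, secret in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, json.dumps(review_user_data(secret), indent=2))
```

To run it against a live cluster, load the output of the `oc get secret ... --output json` command shown earlier with `json.load` and pass the resulting object to `review_user_data`.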
