Overview Base Command Manager (BCM) supports Cluster API for deploying Kubernetes clusters. This feature was introduced in BCM 10 and is documented in containerization manual chapter 8. Problem: Upstream changes in the Cluster API project and discontinued maintenance of the CAPI infrastructure provider (Bring Your Own Host) broke Cluster API…
How to Patch KubernetesCertsExpiration health check in BCM <= 10.25.03 This is the regression that is present in BCM 10.25.03 (and possibly 10.24.11). The KubernetesCertsExpiration health check script runs on Kubernetes control-plane nodes to keep track of expiring certificates. root@bcmhead1:~# cmsh [bcmhead1]% device use node001 [bcmhead1->device[node001]]% latesthealthdata Measurable Parameter…
1. Prerequisites This KB article is written with BCM 10.25.06 in mind, but will work with all versions of BCM 10 (and BCM 11) 1.1. Downloading the helper script These downloads will not be necessary if the version of BCM is either >= 10.25.06 or >= 11.25.05. # BCM 10+…
1. Prerequisites The following article was written with Bright Cluster Manager 10 and 11 in mind but should work the same for version 9.2 as well. For BCM 9.0 and 9.1, please refer to the old instructions in this version of the KB article: https://kb.brightcomputing.com/knowledge-base/etcd-membership-reconfiguration-in-bright-9-0/ The minimum required version of…
1. CVEs information Please refer to https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html for more information about the list CVE’s. CVE-2025-24513 CVE-2025-24514 CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 This KB article provides instructions for BCM 10 (section 2) and BCM 9.2 (section 3) where the Ingress controller is deployed through a manifest by BCM. Updating this component in Kubernetes…
Prerequisites The following article was written with Bright Cluster Manager version 10 (10.23.09 or newer) in mind. We assume we have shared storage available as a mount in /cm/shared, we will create a target directory there for our Etcd backups. The backup part of this KB article (Section 2) is…
A security issue has been found in nvidia-container-toolkit. Since the NVIDIA GPU Operator has the ability to take care of installing this toolkit on the Kubernetes hosts that require this provisioning for proper integration of GPUs with Kubernetes, this security issue might affect the GPU operator as well. This feature…
A security issue has been found in nvidia-container-toolkit. All nodes that have this package installed need to have the package updated. On BCM clusters, the package can be either called cm-nvidia-container-toolkit or nvidia-container-toolkit. The (cm-)nvidia-container-toolkit packages must be updated on the head nodes and in all relevant software images. 1….
In BCM 9.2 (and also earlier versions) we depended on the Pod Security Policies (PSP) feature of Kubernetes in order to restrict user privileges. PSP provided a way to block host system mounts from arbitrary directories, running privileged containers, and so on. However in Kubernetes 1.21 PSP was deprecated, and…
1. Prerequisites and Requirements We will setup the following: Kubernetes version: v1.30.5 Base Command Manager (BCM) version: 10.24.09 On Linux OS: Ubuntu 22.04, Ubuntu 24.04, Rocky Linux 9u3 or RHEL 9u3. On an air-gapped cluster (no internet access at all) The first instructions are to be executed on a host with…