11 KiB
- original_name
cce_10_0153.html
Creating a Secret
Scenario
A secret is a type of resource that holds sensitive data, such as authentication and key information. Its content is user-defined. After creating secrets, you can use them as files or environment variables in a containerized workload.
Procedure
Log in to the CCE console and access the cluster console.
Choose ConfigMaps and Secrets in the navigation pane, click the Secrets tab, and click Create Secret in the upper right corner.
Set parameters.
Table 1 Parameters for creating a secret Parameter Description Name Name of the secret you create, which must be unique. Namespace Namespace to which the secret belongs. If you do not specify this parameter, the value default is used by default. Description Description of a secret. Type Type of the secret you create.
- Opaque: common secret.
- kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository.
- IngressTLS: a secret that stores the certificate required by ingresses (layer-7 load balancing Services).
- Other: another type of secret, which is specified manually.
Secret Data Workload secret data can be used in containers.
If Secret Type is Opaque, click
. In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.If the secret type is kubernetes.io/dockerconfigjson, enter the account and password of the private image repository.
If the secret type is IngressTLS, upload the certificate file and private key file.
Note
- A certificate is a self-signed or CA-signed credential used for identity authentication.
- A certificate request is a request for a signature with a private key.
Secret Label Label of the secret. Enter a key-value pair and click Add. After the configuration is complete, click OK.
The new secret is displayed in the key list.
Secret Resource File Configuration
This section describes configuration examples of secret resource description files.
For example, you can retrieve the username and password for a workload through a secret.
YAML format
The secret.yaml file is defined as shown below. The value must be based on the Base64 coding method. For details about the method, see
Base64 Encoding <cce_10_0153__section175000605919>.apiVersion: v1 kind: Secret metadata: name: mysecret #Secret name namespace: default #Namespace. The default value is default. data: username: ****** #The value must be Base64-encoded. password: ****** #The value must be encoded using Base64. type: Opaque #You are advised not to change this parameter value.
Creating a Secret Using kubectl
According to
Connecting to a Cluster Using kubectl <cce_10_0107>, configure the kubectl command to connect an ECS to the cluster.Create and edit the Base64-encoded cce-secret.yaml file.
# echo -n "content to be encoded" | base64 ******vi cce-secret.yaml
apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: username: ****** password: ******Create a secret.
kubectl create -f cce-secret.yaml
You can query the secret after creation.
kubectl get secret
Related Operations
After creating a secret, you can update or delete it as described in Table 2 <cce_10_0153__table555785274319>.
Note
The secret list contains system secret resources that can be queried only. The system secret resources cannot be updated or deleted.
| Operation | Description |
|---|---|
| Editing a YAML file | Click Edit YAML in the row where the target secret resides to edit its YAML file. |
| Updating a secret |
|
| Deleting a secret | Select the secret you want to delete and click Delete. Follow the prompts to delete the secret. |
| Deleting secrets in batches |
|
Base64 Encoding
To Base64-encode a string, run the echo -n content to be encoded | base64 command. The following is an example:
root@ubuntu:~# echo -n "content to be encoded" | base64
******