Creating a Secret
Scenario
A secret is a type of resource that holds sensitive data, such as authentication and key information. Its content is user-defined. After creating secrets, you can use them as files or environment variables in a containerized workload.
Procedure
- Log in to the CCE console and access the cluster details page.
- Choose ConfigMaps and Secrets in the navigation pane, click the Secrets tab, and click Create Secret in the upper right corner.
- Set parameters.
Table 1 Parameters for creating a secret Parameter
Description
Name
Name of the secret you create, which must be unique.
Namespace
Namespace to which the secret belongs. If you do not specify this parameter, the value default is used by default.
Description
Description of a secret.
Type
Type of the secret you create.
- Opaque: common secret.
- kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository.
- IngressTLS: a secret that stores the certificate required by ingresses (layer-7 load balancing Services).
- Other: another type of secret, which is specified manually.
Secret Data
Workload secret data can be used in containers.
- If Secret Type is Opaque, click
. In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding. - If the secret type is kubernetes.io/dockerconfigjson, enter the account and password of the private image repository.
- If the secret type is IngressTLS, upload the certificate file and private key file. NOTE:
- A certificate is a self-signed or CA-signed credential used for identity authentication.
- A certificate request is a request for a signature with a private key.
Secret Label
Label of the secret. Enter a key-value pair and click Add.
- After the configuration is complete, click OK.
The new secret is displayed in the key list.
Secret Resource File Configuration
This section describes configuration examples of secret resource description files.
For example, you can retrieve the username and password for a workload through a secret.
- YAML format
The secret.yaml file is defined as shown below. The value must be based on the Base64 coding method. For details about the method, see Base64 Encoding.
apiVersion: v1 kind: Secret metadata: name: mysecret #Secret name namespace: default #Namespace. The default value is default. data: username: ****** #The value must be Base64-encoded. password: ****** #The value must be encoded using Base64. type: Opaque #You are advised not to change this parameter value.
Creating a Secret Using kubectl
- According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
- Create and edit the Base64-encoded cce-secret.yaml file.
# echo -n "content to be encoded" | base64 ******
vi cce-secret.yaml
apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: username: ****** password: ******
- Create a secret.
kubectl create -f cce-secret.yaml
You can query the secret after creation.
kubectl get secret
Related Operations
The secret list contains system secret resources that can be queried only. The system secret resources cannot be updated or deleted.
| Operation | Description |
|---|---|
| Viewing a YAML file | Click View YAML next to the secret name to view the YAML file corresponding to the current secret. |
| Updating a secret |
|
| Deleting a secret | Select the secret you want to delete and click Delete. Follow the prompts to delete the secret. |
| Deleting secrets in batches |
|
Last Article: Using a ConfigMap
Next Article: Using a Secret
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.