CCE.Secret

Element Description

The CCE.Secret element is used to provide encryption information storage services for the cluster creation of Huawei CCE. The Secret object can contain sensitive configuration information such as usernames, passwords, and certificates.

Currently, dynamic mounting is not supported.

Element Properties

**Table 1** Property Description
Property	Required	Descripiton
k8sManifest	No	K8s-native manifest object of the secret, based on which you can create secret resources to replace other configuration items Type: dict Value Description: Supports customization. You are not advised to change the name and labels under the metadata during an update. Suggestion: Customize the value. You are advised to set the value based on the following example or query the CCE secret documentation at https://support.huaweicloud.com/eu/api-cce/cce_02_0042.html.
name	No	Name of the CCE secret created by a user Type: string Value Description: Supports customization, for example, my-secret. Default: '' Value Constraint: The value supports a maximum of 63 characters. This value is unique under a tenant, and must meet the following requirement: {"regex":"^[a-zA-Z][0-9a-zA-Z-_]$","max_length":63}. Suggestion:* Customize the value.
clusterId	No	ID of the cluster to which the resource belongs Type: HuaweiCloud.CCE.Cluster.Id Value Description: Indicates the ID of an existing or new container cluster. Value Constraint: The value must satisfy the UUID rule and support a maximum of 64 characters. Suggestion: Enter the cluster ID. Specifically, log in to the CCE console, and choose Resource Management > Clusters. Click the target cluster, and you can then obtain its cluster ID. Connect to the cluster object and use the get_reference function to obtain the cluster ID.
namespace	No	Namespace in a cluster where a resource is located Type: string Value Description: Must be a valid namespace in the cluster, for example, default. Value Constraint: The value must start with a letter. Only lowercase letters, digits, and hyphens (-) are allowed. Suggestion: Log in to the CCE console, and choose Resource Management > Namespaces. View and select the target namespace.
data	No	Secret data, consisting of keys and values Type: dict Value Description: Supports customization. Suggestion: You are advised to use the name and data modes to create a secret so that the secret is encrypted for storage.
type	No	Key type Type: string Value Description: Supports Opaque or customization. Default: Opaque Suggestion: To view the available secret types, log in to the CCE console, and choose Configuration Center > Secret > Create Secret > Type. This parameter can be self-defined.

Relationships Between Elements

**Table 2** Relationship description
Description	Target
DependsOn	AOS.Batch
DependsOn	DCS.Redis
DependsOn	RDS.MySQL
DependsOn	CCE.Storage.EVS
DependsOn	OBS.Bucket
DependsOn	CCE.Storage.SFS
DependsOn	CCE.ConfigMap
DependsOn	CCE.Job
DependsOn	CCE.Storage.OBS
DependsOn	CCE.DaemonSet
DependsOn	CCE.Secret
DependsOn	CCE.Service
DependsOn	CCE.Ingress
DependsOn	CCE.StatefulSet
DependsOn	CCE.NodePool
DependsOn	CCE.Deployment
DependsOn	CCE.Pod
DependsOn	RDS.PostgreSQL
ContainedIn	CCE.Cluster

Return Value

Property	Type	Description
refID	string	ID of the encryption information storage service
refName	string	Name of the encryption information storage service

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-secret
  xx-value:
    default: abcd
  yy-value:
    default: efgh
node_templates:
  mysecret:
    type: HuaweiCloud.CCE.Secret
    properties:
      name: {get_input: name}
      data:
        xx: {get_input: xx-value}
        yy: {get_input: yy-value}

Parent topic: List of Elements

Previous topic: CCE.Pod

Next topic: CCE.Service