Updated on 2023-08-11 GMT+08:00

CCE.Secret

Element Description

The CCE.Secret element is used to provide encryption information storage services for the cluster creation of Huawei CCE. The Secret object can contain sensitive configuration information such as usernames, passwords, and certificates.

Currently, dynamic mounting is not supported.

Element Properties

Table 1 Property Description

Property

Required

Descripiton

k8sManifest

No

K8s-native manifest object of the secret, based on which you can create secret resources to replace other configuration items

Type: dict

Value Description: Supports customization. You are not advised to change the name and labels under the metadata during an update.

Suggestion: Customize the value. You are advised to set the value based on the following example or query the CCE secret documentation at https://support.huaweicloud.com/eu/api-cce/cce_02_0042.html.

name

No

Name of the CCE secret created by a user

Type: string

Value Description: Supports customization, for example, my-secret.

Default: ''

Value Constraint: The value supports a maximum of 63 characters. This value is unique under a tenant, and must meet the following requirement: {"regex":"^[a-zA-Z][0-9a-zA-Z-_]*$","max_length":63}.

Suggestion: Customize the value.

clusterId

No

ID of the cluster to which the resource belongs

Type: HuaweiCloud.CCE.Cluster.Id

Value Description: Indicates the ID of an existing or new container cluster.

Value Constraint: The value must satisfy the UUID rule and support a maximum of 64 characters.

Suggestion: Enter the cluster ID. Specifically, log in to the CCE console, and choose Resource Management > Clusters. Click the target cluster, and you can then obtain its cluster ID. Connect to the cluster object and use the get_reference function to obtain the cluster ID.

namespace

No

Namespace in a cluster where a resource is located

Type: string

Value Description: Must be a valid namespace in the cluster, for example, default.

Value Constraint: The value must start with a letter. Only lowercase letters, digits, and hyphens (-) are allowed.

Suggestion: Log in to the CCE console, and choose Resource Management > Namespaces. View and select the target namespace.

data

No

Secret data, consisting of keys and values

Type: dict

Value Description: Supports customization.

Suggestion: You are advised to use the name and data modes to create a secret so that the secret is encrypted for storage.

type

No

Key type

Type: string

Value Description: Supports Opaque or customization.

Default: Opaque

Suggestion: To view the available secret types, log in to the CCE console, and choose Configuration Center > Secret > Create Secret > Type. This parameter can be self-defined.

Relationships Between Elements

Table 2 Relationship description

Description

Target

DependsOn

AOS.Batch

DependsOn

DCS.Redis

DependsOn

RDS.MySQL

DependsOn

CCE.Storage.EVS

DependsOn

OBS.Bucket

DependsOn

CCE.Storage.SFS

DependsOn

CCE.ConfigMap

DependsOn

CCE.Job

DependsOn

CCE.Storage.OBS

DependsOn

CCE.DaemonSet

DependsOn

CCE.Secret

DependsOn

CCE.Service

DependsOn

CCE.Ingress

DependsOn

CCE.StatefulSet

DependsOn

CCE.NodePool

DependsOn

CCE.Deployment

DependsOn

CCE.Pod

DependsOn

RDS.PostgreSQL

ContainedIn

CCE.Cluster

Return Value

Property

Type

Description

refID

string

ID of the encryption information storage service

refName

string

Name of the encryption information storage service

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-secret
  xx-value:
    default: abcd
  yy-value:
    default: efgh
node_templates:
  mysecret:
    type: HuaweiCloud.CCE.Secret
    properties:
      name: {get_input: name}
      data:
        xx: {get_input: xx-value}
        yy: {get_input: yy-value}