Managing Secrets
Secrets are user-defined resources that store authentication and sensitive information such as application keys. They can be used as files or environment variables in applications.
Prerequisites
- A CCE cluster has been bound to the environment. For details, see Binding a CCE Cluster.
- The namespace to which the secret belongs has been bound. For details, see Binding a Namespace.
Creating a Secret
- Log in to ServiceStage.
- Choose Environment Management. The Environment Management page is displayed.
- Click the target environment. The Overview page is displayed.
- Choose Cloud Container Engine from Compute.
- Go to the Secret page.
- For a non-HA environment, click the Secret tab.
- For an HA environment, click the bound CCE cluster and click the Secret tab.
- Click Create.
ServiceStage allows you to create secrets in Visualization or YAML mode.
- Method 1: Visualization Configure the parameters by referring to Table 1. Parameters marked with an asterisk (*) are mandatory.
Table 1 Parameters for creating a secret in visualization mode Parameter
Description
*Name
Secret name, which must be unique in the same namespace.
Enter 4 to 24 characters. Start with a lowercase letter and end with a lowercase letter or digit. Only use lowercase letters, digits, and hyphens (-).
*Cluster
Cluster where the secret will be used.
Click Create Cluster to create a CCE cluster. For details, see Buying a Cluster. Create a CCE Turbo or CCE Standard cluster based on your service requirements.
*Namespace
Namespace to which the secret belongs.
Click Create Namespace to create a namespace for the secret by referring to Creating a Namespace.
Description
Secret description. Enter 0 to 255 characters.
*Secret Type
Select the type of the secret to be created based on service requirements.
- Opaque: general secret type. If the secret type is not explicitly set in the secret configuration file, the default secret type is Opaque.
- kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository.
- IngressTLS: a secret that stores the certificate required by ingresses (layer-7 load balancing services).
- Other: Enter a secret type that is none of the above. Enter 4 to 24 characters.
*Repository Address
This parameter is valid only when Secret Type is set to kubernetes.io/dockerconfigjson. Enter the image repository address.
*Secret Data
Value of the data field in the application secret file.
- If the secret type is Opaque, enter the key and value.
The key contains 1 to 63 characters. Only use digits, letters, dots (.), hyphens (-), and underscores (_).
The value contains 1 to 1,048,576 characters after Base64 encoding. For details, see Base64 Encoding.
Click Add Data to add secret data.
- If the secret type is kubernetes.io/dockerconfigjson, enter the username and password.
- If the secret type is IngressTLS, click Upload File and upload the certificate file and private key file.
The certificate file must be less than 1 MB and in .crt or .cer format. The private key file must be less than 1 MB and in .key or .pem format.
- If the secret type is Other, enter the key and value.
The key contains 1 to 63 characters. Only use digits, letters, dots (.), hyphens (-), and underscores (_).
The value contains 1 to 1,048,576 characters after Base64 encoding. For details, see Base64 Encoding.
Click Add Data to add secret data.
Secret Label
Labels that you want to attach to various objects (such as applications, nodes, and services) in the form of key-value pairs.
Labels define the identifiable attributes of these objects and are used to manage and select the objects.
- Click Add.
- Enter the key and value.
The key contains 1 to 63 characters. Start and end with a letter or digit. Only use digits, letters, dots (.), hyphens (-), underscores (_), and slashes (/).
The value contains 1 to 63 characters. Start and end with a letter or digit. Only use digits, letters, dots (.), hyphens (-), and underscores (_).
Figure 1 Setting secret parameters in Visualization mode
- Method 2: YAML
To create a secret by uploading a file, ensure that a secret resource file in YAML format has been created and the file size is less than 1 MB. For details, see Secret Resource File Configuration Example.
- Select a cluster from the Cluster drop-down list.
- Use either of the following methods to set the configuration item resource file:
- Click Upload File, select the created secret file, and click Open. Wait until the file is uploaded.
- Write or modify the secret resource file in Orchestration content.
Figure 2 Setting secret parameters in YAML mode
- Method 1: Visualization Configure the parameters by referring to Table 1. Parameters marked with an asterisk (*) are mandatory.
- Click Create Secret.
The new secret is displayed in the secret list.
Follow-up Operations
After a secret is created, you can search for, view, update, and delete the secret by referring to Table 2.
- After a secret is deleted, the component to which the secret is mounted or referenced in environment variables may fail to be started after being upgraded.
- The secret list contains system secrets, which can only be viewed and cannot be modified or deleted.
Operation |
Description |
---|---|
Searching for a secret |
|
Viewing a secret |
Click Show YAML in the Operation column of the target secret to view the content of the YAML file of the secret. |
Updating a secret |
|
Deleting a secret |
|
Deleting secrets in batches |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot