Managing Secrets
Secrets are user-defined resources that store authentication and sensitive information such as application keys. They can be used as files or environment variables in applications.
This section describes how to create, view, update, and delete secrets for the CCE cluster bound to a Kubernetes environment.
Prerequisites
- A CCE cluster has been bound to the environment. For details, see Binding a CCE Cluster.
- The namespace to which the secret belongs has been created. For details, see Creating a Namespace.
Creating a Secret
- Log in to ServiceStage.
- On the Environment Management page, click the target environment.
- In the Resources area, choose Clusters from Compute.
- On the Secret page, click Create Secret.
ServiceStage allows you to create secrets in Visualization or YAML mode.
- Method 1: Visualization Configure the parameters by referring to Table 1. Parameters marked with an asterisk (*) are mandatory.
Table 1 Parameters for creating a secret in visualization mode Parameter
Description
*Name
Secret name, which must be unique in the same namespace.
Enter 4 to 24 characters. Start with a lowercase letter and end with a lowercase letter or digit. Only use lowercase letters, digits, and hyphens (-).
*Cluster
Cluster where the secret will be used.
Click Create Cluster to create a CCE cluster. For details, see Buying a Cluster. Create a CCE Turbo or CCE Standard cluster based on your service requirements.
*Namespace
Namespace to which the secret belongs.
Click Create Namespace to create a namespace for the secret by referring to Creating a Namespace.
Description
Secret description. Enter 0 to 255 characters.
*Secret Type
Select the type of the secret to be created based on service requirements.
- Opaque: general secret type. If the secret type is not explicitly set in the secret configuration file, the default secret type is Opaque.
- kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository.
- IngressTLS: a secret that stores the certificate required by ingresses (layer-7 load balancing services).
- Other: Enter a secret type that is none of the above. Enter 4 to 24 characters.
*Repository Address
This parameter is valid only when Secret Type is set to kubernetes.io/dockerconfigjson. Enter the image repository address.
*Secret Data
Value of the data field in the application secret file.
- If the secret type is Opaque, enter the key and value.
The key contains 1 to 63 characters. Only use digits, letters, dots (.), hyphens (-), and underscores (_).
The value contains 1 to 1,048,576 characters after Base64 encoding. For details, see Base64 Encoding.
Click Add Data to add secret data.
- If the secret type is kubernetes.io/dockerconfigjson, enter the username and password.
- If the secret type is IngressTLS, click Upload File and upload the certificate file and private key file.
The certificate file must be less than 1 MB and in .crt or .cer format. The private key file must be less than 1 MB and in .key or .pem format.
- If the secret type is Other, enter the key and value.
The key contains 1 to 63 characters. Only use digits, letters, dots (.), hyphens (-), and underscores (_).
The value contains 1 to 1,048,576 characters after Base64 encoding. For details, see Base64 Encoding.
Click Add Data to add secret data.
Secret Label
Labels that you want to attach to various objects (such as applications, nodes, and services) in the form of key-value pairs.
Labels define the identifiable attributes of these objects and are used to manage and select the objects.
- Click Add.
- Enter the key and value.
The key contains 1 to 63 characters. Start and end with a letter or digit. Only use digits, letters, dots (.), hyphens (-), underscores (_), and slashes (/).
The value contains 1 to 63 characters. Start and end with a letter or digit. Only use digits, letters, dots (.), hyphens (-), and underscores (_).
Figure 1 Setting secret parameters in Visualization mode
- Method 2: YAML
To create a secret by uploading a file, ensure that a secret resource file in YAML format has been created and the file size is less than 1 MB. For details, see Secret Resource File Configuration.
- Select a cluster from the Cluster drop-down list.
- Use either of the following methods to set the configuration item resource file:
- Click Upload File, select the created secret file, and click Open. Wait until the file is uploaded.
- Write or modify the secret resource file in Orchestration content.
Figure 2 Setting secret parameters in YAML mode
- Method 1: Visualization Configure the parameters by referring to Table 1. Parameters marked with an asterisk (*) are mandatory.
- Click Create Secret.
The new secret is displayed in the secret list.
Follow-Up Operations
After a secret is created, you can search for, view, update, and delete the secret by referring to Table 2.
- Deleted items cannot be restored. Exercise caution when performing this operation.
- The secret list contains system secrets, which can only be viewed and cannot be modified or deleted.
Operation |
Description |
---|---|
Searching for a secret |
|
Viewing a secret |
Click Show YAML in the Operation column of the target secret to view the content of the YAML file of the secret. |
Updating a secret |
|
Deleting a secret |
|
Deleting secrets in batches |
|
Secret Resource File Configuration
This section provides examples of configuring secret resource description files. For example, you can retrieve the username and password for an application through a secret.
username: my-username password: my-password
The following shows the content of a secret file. The value must be encoded using Base64. For more information, see Base64 Encoding.
apiVersion: v1 kind: Secret metadata: name: mysecret #Secret name. namespace: default #Namespace. The default value is default. data: username: ****** #The value must be Base64-encoded. password: ****** #The value must be Base64-encoded. type: Opaque #You are advised not to change this parameter value.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot