Secrets
A secret is a type of resource that holds sensitive data, such as authentication and key information. Its content is user-defined.
- After a secret is created on the UCS console, it is in the undeployed state by default. You need to mount the secret when creating or updating a workload. For details, see Secret.
- After a secret is mounted to a workload, a secret with the same name is created in each cluster to which the workload belongs.
Creating a Secret
- Log in to the UCS console. In the navigation pane, choose Fleets.
- On the Fleets tab, click the name of the federation-enabled fleet to access its details page.
- Choose ConfigMaps and Secrets in the navigation pane and click the Secrets tab.
- Select the namespace for which you want to create a secret and click Create Secret in the upper right corner.
- Set the parameters listed in Table 1.
Table 1 Parameters for creating a secret Parameter
Description
Name
Name of a secret, which must be unique in the same namespace.
Namespace
Namespace to which the secret belongs. The current namespace is used by default.
Description
Description of the secret.
Type
Type of the secret.
- Opaque: common secret. In high-sensitive scenarios, you are advised to encrypt sensitive data using data encryption services and then store the encrypted data in secrets.
- kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository. If you select this secret type, enter the image repository address.
- IngressTLS: a secret that stores the certificate required by an ingress. If you select this secret type, upload the certificate file and private key file.
- Other: another type of secret, which is specified manually.
Data
Workload secret data can be used in containers.
- If the secret type is Opaque, enter the key and value. The value must be a Base64-encoded value. You can select Auto Base64-encoded to Base64-encode the entered value. For details about manual Base64 encoding, see Base64 Encoding.
- If the secret type is kubernetes.io/dockerconfigjson, enter the username and password of the private image repository.
Label
Labels are attached to objects such as workloads, nodes, and Services in key-value pairs.
Labels define identified attributes of these objects and can be used to manage and select objects.
- Click Confirm.
- Enter the key and value.
- Click OK.
The new secret is displayed in the secret list.
Using a Secret
After a secret is created, you can mount the secret to a container for storage during workload creation. Then, you can read the secret data from the mount path of the container. For details, see Secret.
Base64 Encoding
To Base64-encode a string, run the echo -n Content to be encoded | base64 command. The following is an example:
echo -n "Content to be encoded" | base64
Related Operations
Operation |
Description |
---|---|
Creating a secret from a YAML file |
Click Create from YAML in the upper right corner to create a secret from an existing YAML file. |
Viewing details |
Click the secret name to view its details. |
Editing a YAML file |
Click Edit YAML in the row where the target secret resides to edit its YAML file. |
Updating a secret |
|
Deleting a secret |
Choose More > Delete in the row where the target secret resides, and click Yes. |
Deleting secrets in batches |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot