Cluster Secrets
By default, CCE creates the following secrets in each namespace:
- default-secret
- paas.elb
- default-token-xxxxx (xxxxx is a random number.)
The functions of these secrets are described as follows.
default-secret
The type of default-secret is kubernetes.io/dockerconfigjson. The data is the credential for logging in to the SWR image repository and is used to pull images from SWR. To pull an image from SWR when creating a workload on CCE, set imagePullSecrets to default-secret.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx:alpine
    name: container-0
    resources:
      limits:
        cpu: 100m
        memory: 200Mi
      requests:
        cpu: 100m
        memory: 200Mi
  imagePullSecrets:
  - name: default-secret
The data of default-secret is updated periodically, and the current data will expire after a certain period of time. You can run the describe command to view the expiration time in default-secret.
Use default-secret directly instead of copying the secret content to create a new one. The credential in a copied secret will expire, after which the image cannot be pulled.
$ kubectl describe secret default-secret
Name:         default-secret
Namespace:    default
Labels:       secret-generated-by=cce
Annotations:  temporary-ak-sk-expires-at: 2021-11-26 20:55:31.380909 +0000 UTC
Type:         kubernetes.io/dockerconfigjson
Data
====
.dockerconfigjson:  347 bytes
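The following Python code is an added example, not part of the CCE documentation. It audits the image pull secrets in the parsed output of kubectl get secrets -o json, reading the temporary-ak-sk-expires-at annotation and secret-generated-by label shown above to report credentials that are expired or close to expiry, and secrets under another name that still carry the CCE metadata (likely copies of default-secret). Assumptions: a copy keeps the original's label or annotation, the one-hour warning window is arbitrary, and the finding names and sample secrets are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

EXPIRY_ANNOTATION = "temporary-ak-sk-expires-at"
STAMP = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?:\.(\d+))? ([+-]\d{4})")

def parse_expiry(value):
    """Parse '2021-11-26 20:55:31.380909 +0000 UTC' into an aware datetime."""
    m = STAMP.match(value)
    if not m:
        raise ValueError(f"unrecognised expiry format: {value!r}")
    base, frac, offset = m.groups()
    micros = (frac or "0")[:6].ljust(6, "0")  # strptime takes at most 6 digits
    return datetime.strptime(f"{base}.{micros} {offset}", "%Y-%m-%d %H:%M:%S.%f %z")

def audit_pull_secrets(secret_list, now, warn_within=timedelta(hours=1)):
    """Return (namespace, name, finding) for every dockerconfigjson secret."""
    findings = []
    for item in secret_list["items"]:
        if item.get("type") != "kubernetes.io/dockerconfigjson":
            continue
        meta = item["metadata"]
        managed = (meta.get("labels") or {}).get("secret-generated-by") == "cce"
        expiry = (meta.get("annotations") or {}).get(EXPIRY_ANNOTATION)
        if meta["name"] != "default-secret" and (managed or expiry):
            finding = "copy-of-default-secret"  # carries CCE metadata under another name
        elif expiry is None:
            finding = "no-expiry-annotation"    # e.g. a credential for another registry
        elif parse_expiry(expiry) <= now:
            finding = "expired"
        elif parse_expiry(expiry) - now <= warn_within:
            finding = "expiring-soon"           # warn_within is an assumed threshold
        else:
            finding = "ok"
        findings.append((meta.get("namespace", ""), meta["name"], finding))
    return findings

def _secret(name, labels=None, annotations=None):
    # Constructed item shaped like one entry of `kubectl get secrets -o json`.
    meta = {"name": name, "namespace": "default", "labels": labels or {}, "annotations": annotations or {}}
    return {"type": "kubernetes.io/dockerconfigjson", "metadata": meta}

CCE = {"secret-generated-by": "cce"}
EXP = {EXPIRY_ANNOTATION: "2021-11-26 20:55:31.380909 +0000 UTC"}
SAMPLE = {"items": [_secret("default-secret", CCE, EXP), _secret("my-swr-copy", CCE, EXP),
                    _secret("other-registry")]}  # constructed sample, not real cluster data

if __name__ == "__main__":
    for row in audit_pull_secrets(SAMPLE, datetime(2021, 11, 26, 20, 0, tzinfo=timezone.utc)):
        print(*row)
```

On a live cluster, pass json.load() of the kubectl output and datetime.now(timezone.utc) in place of the constructed sample and fixed time.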
paas.elb
The paas.elb data stores a temporary AK/SK that is used when a node is created or a load balancer is automatically created. The paas.elb data is updated periodically and has a specific time limit before it expires.
In practice, you will not use paas.elb directly. Do not delete it, because creating a node or load balancer will then fail.
default-token-xxxxx
By default, Kubernetes creates a service account named default for each namespace. default-token-xxxxx is the key of the service account, and xxxxx is a random number.
$ kubectl get sa
NAME      SECRETS   AGE
default   1         30d
$ kubectl describe sa default
Name:                default
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   default-token-xxxxx
Tokens:              default-token-xxxxx
Events:              <none>