Last updated:2021-05-11 10:41:17
A Secret is a key-value pair for managing and configuring sensitive information, such as passwords, tokens, and keys. You can create a Secret in the KCE console and use it when you mount a volume, define an environment variable, or run a command.
Note: When you select Mount with Specified Key, you can mount the Secret to a specific path by setting Items. For example, if the mount path is
/etc/config
and the subpath isdev
, data will be stored in/etc/config/dev
.
Log in to the KCE console.
In the left navigation pane, click Cluster.
Click the ID of the cluster in which you want to use a Secret. The cluster details page appears.
In the left navigation pane, click Workload and select any type of workload. The corresponding list page appears. For example, in the left navigation pane, choose Workload > Deployment to go to the Deployment list page.
Click Create. The Create Deployment page appears. Set basic information and proceed to Deployment Configuration. In the Container configuration section, click Add for Environment Variable, as shown in the following figure.
Select Reference Secret for Add Method, enter the variable name, and then select a variable value or a variable reference.
After all configurations are completed, click Create.
Encode the data of the Secret in the Base64 format.
# echo -n 'admin' | base64
YWRtaW4=
# echo -n '12345' | base64
MTIzNDU=
Sample secret-test.yaml
file:
apiVersion: v1
kind: Secret
metadata:
name: secret-test
type: Opaque
data:
username: YWRtaW4=
password: MTIzNDU=
Create the Secret.
# kubectl apply -f secret-test.yaml
kubectl create secret
commandStore the username and password in the local ./username.txt
and ./password.txt
files.
# echo -n 'admin' > ./username.txt
# echo -n '12345' > ./password.txt
Create the Secret.
# kubectl create secret generic secret-test --from-file=./username.txt --from-file=./password.txt
Sample secret-volume.yaml
file:
apiVersion: v1
kind: Pod
metadata:
name: pod1-test
spec:
containers:
- name: container-test
image: ksyun/nginx:latest
volumeMounts: # The mount path of the volume.
- name: secret-volume
mountPath: /etc/config
volumes: # The pod-specific volumes, which are mounted to containers in the pod.
- name: secret-volume
secret:
secretName: secret-test # The name of the Secret mounted.
restartPolicy: Never
Sample secret-env.yaml
file:
apiVersion: v1
kind: Pod
metadata:
name: pod2-test
spec:
containers:
- name: container-test
image: ksyun/nainx:latest
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: secret-test
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: secret-test
key: password
restartPolicy: Never
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.