Container Engine (KCE)

      Documentation Container Engine (KCE) User Guide Configuration management Manage Secrets

      Manage Secrets

      Last updated:2021-05-11 10:41:17

      A Secret is a key-value pair for managing and configuring sensitive information, such as passwords, tokens, and keys. You can create a Secret in the KCE console and use it when you mount a volume, define an environment variable, or run a command.

      Operations in the KCE console

      Create a Secret

      1. Log in to the KCE console.
      2. In the left navigation pane, click Cluster.
      3. Click the ID of the cluster in which you want to create a Secret. The cluster details page appears.
      4. In the left navigation pane, choose Configuration Management > Secret. The Secret list page appears.
      5. Click Create. On the Create Secret page, complete the following configurations:
        • Name: the name of the Secret to be created.
        • Namespace: the namespace of the cluster to which the Secret belongs.
        • Key Type: the type of the Secret. Opaque and kubernetes.io/dockerconfigjson are available.
          • Opaque: indicates a Base64-encoded Secret that stores a password or key.
          • kubernetes.io/dockerconfigjson: indicates a Secret that stores authentication information for a private Docker registry.
        • Parameter available when Key Type is Opaque:
          • Content: the variables of the Secret. You can define the variable names and variable values as required.
        • Parameters available when Key Type is kubernetes.io/dockerconfigjson:
          • Image Repository Address: the name or IP address of the image repository.
          • User Name: the username used to log in to the image repository.
          • Password: the password used to log in to the image repository.
      6. Click Create.

      Use a Secret

      Method 1: Mount a volume of the Secret type
      1. Log in to the KCE console.
      2. In the left navigation pane, click Cluster.
      3. Click the ID of the cluster in which you want to use a Secret. The cluster details page appears.
      4. In the left navigation pane, click Workload and select any type of workload. The corresponding list page appears. For example, in the left navigation pane, choose Workload > Deployment to go to the Deployment list page.
      5. Click Create. The Create Deployment page appears. Set basic information and proceed to Deployment Configuration. In the Deployment Configuration step, click Add Volume, select Secret for Type, and then enter the volume name, as shown in the following figure.

      image.png

      1. Click Select Secret. In the Set Secret dialog box, complete the following configurations:
        • Select Secret: Select a Secret as required.
        • Mount Options: Select Mount All or Mount with Specified Key as required.

      Note: When you select Mount with Specified Key, you can mount the Secret to a specific path by setting Items. For example, if the mount path is /etc/config and the subpath is dev, data will be stored in /etc/config/dev.

      1. After all configurations are completed, click Create.
      Method 2: Define an environment variable for a container

      1. Log in to the KCE console.

      2. In the left navigation pane, click Cluster.

      3. Click the ID of the cluster in which you want to use a Secret. The cluster details page appears.

      4. In the left navigation pane, click Workload and select any type of workload. The corresponding list page appears. For example, in the left navigation pane, choose Workload > Deployment to go to the Deployment list page.

      5. Click Create. The Create Deployment page appears. Set basic information and proceed to Deployment Configuration. In the Container configuration section, click Add for Environment Variable, as shown in the following figure.
        image.png

      6. Select Reference Secret for Add Method, enter the variable name, and then select a variable value or a variable reference.

      7. After all configurations are completed, click Create.

      Update a Secret

      1. Log in to the KCE console.
      2. In the left navigation pane, click Cluster.
      3. Click the ID of the cluster in which you want to update a Secret. The cluster details page appears.
      4. In the left navigation pane, choose Configuration Management > Secret. The Secret list page appears.
      5. Find the Secret that you want to update and click Edit YAML in the Operation column. On the UpdateSecret page, modify the configurations as required and click Update.

      Delete a Secret

      1. Log in to the KCE console.
      2. In the left navigation pane, click Cluster.
      3. Click the ID of the cluster in which you want to delete a Secret. The cluster details page appears.
      4. In the left navigation pane, choose Configuration Management > Secret. The Secret list page appears.
      5. Find the Secret that you want to delete and click Delete in the Operation column. In the message that appears, click OK.

      Operations by using kubectl

      Create a Secret

      Method 1: Use a YAML file

      Encode the data of the Secret in the Base64 format.

      # echo -n 'admin' | base64 
YWRtaW4= 
# echo -n '12345' | base64 
MTIzNDU=

      Sample secret-test.yaml file:

      apiVersion: v1
kind: Secret
metadata:
   name: secret-test
type: Opaque
data:
   username: YWRtaW4=
   password: MTIzNDU=

      Create the Secret.

      # kubectl apply -f secret-test.yaml
      Method 2: Run the kubectl create secret command

      Store the username and password in the local ./username.txt and ./password.txt files.

      # echo -n 'admin' > ./username.txt
# echo -n '12345' > ./password.txt

      Create the Secret.

      # kubectl create secret generic secret-test --from-file=./username.txt --from-file=./password.txt

      Use a Secret

      Method 1: Mount a volume of the Secret type

      Sample secret-volume.yaml file:

      apiVersion: v1
kind: Pod
metadata:
   name: pod1-test
spec:
   containers:
     - name: container-test
       image: ksyun/nginx:latest
       volumeMounts:                             # The mount path of the volume.
         - name: secret-volume
           mountPath: /etc/config
   volumes:                                      # The pod-specific volumes, which are mounted to containers in the pod.
     - name: secret-volume
       secret:
         secretName: secret-test                       # The name of the Secret mounted.
   restartPolicy: Never
      Method 2: Define an environment variable for a container

      Sample secret-env.yaml file:

      apiVersion: v1
kind: Pod
metadata:
  name: pod2-test
spec:
  containers:
    - name: container-test
      image: ksyun/nainx:latest
      env:
        - name: SECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: secret-test
              key: username
        - name: SECRET_PASSWORD
          valueFrom:
            secretKeyRef:
              name: secret-test
              key: password
  restartPolicy: Never
      Previous:Manage ConfigMaps
      Next:Volume overview

      Did you find the above information helpful?

      Unhelpful
      Mostly Unhelpful
      A little helpful
      Helpful
      Very helpful

      What might be the problems?

      Insufficient
      Outdated
      Unclear or awkward
      Redundant or clumsy
      Lack of context for the complex system or functionality

      More suggestions

      0/200

      Please give us your feedback.

      Submitted

      Thank you for your feedback.

      问题反馈