A secret is a key-value pair that can store sensitive information such as passwords, tokens, and keys to help you lower the risk of information disclosure. You can create a secret object using kubectl in the console, and use a secret by mounting a volume, through environment variables, or in a container's run command.
- Repository domain name: enter the domain name or IP as applicable.
- Username: enter the username for the third-party repository based on your needs.
- Password: enter the login password for the third-party repository based on your needs.
If this is the first time that you log in to the system, an account will be created and related information will be written to the
~/.dockercrg
file.
Log in to the TKE console and select Clusters in the left sidebar.
Click the ID of the cluster where you want to deploy the workload to enter the cluster management page.
Under Workload, select a workload type to go to the corresponding information page.
For example, select Workload -> DaemonSet to go to the DaemonSet page, as shown below:
Click Create to go to the Create Workload page.
Set the workload name, namespace, and other information as instructed. In "Volume", click Add Volume, as shown below:
Select Use Secret from the drop-down list, enter a name, and click Select Secret, as shown below:
In the pop-up Configure Secret window, configure the mounting point and click OK, as shown below:
/data/config
and the sub-path is dev
, it will finally be saved under /data/config/dev
.Click Create Workload to complete the creation.
Log in to the TKE console and select Clusters in the left sidebar.
Click the ID of the cluster where you want to deploy a workload to enter the cluster management page.
Under Workload, select a workload type to go to the corresponding information page.
For example, select Workload -> DaemonSet to go to the DaemonSet page, as shown below:
Click Create to go to the Create Workload page.
Set the workload name, namespace, and other information as instructed. In "Environment Variable" under "Containers in the pod", click Reference ConfigMap/Secret, as shown below:
Select Secret for the environment variable and select resources based on your needs, as shown below:
Click Create Workload to complete the creation.
To modify key-values, edit the parameter values of data in the YAML file and click Finish to complete the update.
$ echo -n 'username' > ./username.txt
$ echo -n 'password' > ./password.txt
$ kubectl create secret generic test-secret --from-file=./username.txt --from-file=./password.txt
secret "testSecret" created
kubectl describe secrets/ test-secret
To manually create a secret using a YAML file, you need to Base64-encode the data of the secret in advance.
apiVersion: v1
kind: Secret
metadata:
name: test-secret
type: Opaque
data:
username: dXNlcm5hbWU= ## Generated by echo -n 'username' | base64
password: cGFzc3dvcmQ= ## Generated by echo -n 'password' | base64
The following shows a YAML sample.
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:latest
volumeMounts:
name: secret-volume
mountPath: /etc/config
volumes:
name: secret-volume
secret:
name: test-secret ## Set the secret source
## items: ## Set the key mounting of the specified secret
## key: username ## Select the specified key
## path: group/user ## Mount to the specified subpath
## mode: 256 ## Set file permission
restartPolicy: Never
The following shows a YAML sample.
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:latest
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: test-secret ## Set the filename of the source secret
key: username ## Set the value source of the environment variable
restartPolicy: Never
The following shows a YAML sample.
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:latest
imagePullSecrets:
- name: test-secret ## Set the filename of the source secret
restartPolicy: Never
Was this page helpful?