website/content/en/docs/project-user-guide/configuration/secrets.md
Sherlock113 a1f1a8f705 Add image registry guide
Signed-off-by: Sherlock113 <sherlockxu@yunify.com>
2020-11-23 20:28:36 +08:00

title: Secrets
keywords: KubeSphere, Kubernetes, Secrets
description: How to create a Secret in KubeSphere.
linkTitle: Secrets
weight: 2120

A Kubernetes Secret is used to store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. To use a Secret, a Pod needs to reference it in one of the following ways.

  • As a file in a volume mounted and consumed by containerized applications running in a Pod.
  • As environment variables used by containers in a Pod.
  • As image registry credentials when images are pulled for the Pod by the kubelet.

This tutorial demonstrates how to create a Secret in KubeSphere.

Prerequisites

You need to create a workspace, a project and an account (project-regular). The account must be invited to the project with the role of operator. For more information, see Create Workspace, Project, Account and Role.

Create a Secret

Step 1: Open Dashboard

Log in to the console as project-regular. Go to Configurations of a project, choose Secrets and click Create.

create-secrets

Step 2: Input Basic Information

Specify a name for the Secret (e.g. demo-secret) and click Next to continue.

{{< notice tip >}}

You can see the Secret's manifest file in YAML format by enabling Edit Mode in the top right corner. KubeSphere allows you to edit the manifest file directly to create a Secret. Alternatively, you can follow the steps below to create a Secret via the dashboard.

{{</ notice >}}

set-secret

Step 3: Set Secret

  1. Under the tab Secret Settings, you must choose a Secret type. In KubeSphere, you can create the following types of Secrets, indicated by the type field.

    secret-type

    {{< notice note >}}

    For all Secret types, values for all keys under the field data in the manifest must be base64-encoded strings. After you specify values on the KubeSphere dashboard, KubeSphere converts them into the corresponding base64-encoded values in the YAML file. For example, if you input password and hello123 for Key and Value respectively on the Edit Data page when you create the default type of Secret, the actual value displayed in the YAML file is aGVsbG8xMjM= (i.e. hello123 in base64 format), automatically created by KubeSphere.

    {{</ notice >}}

    • Default. The type of Opaque in Kubernetes, which is also the default Secret type in Kubernetes. You can create arbitrary user-defined data for this type of Secret.

      default-secret

    • TLS. The type of kubernetes.io/tls in Kubernetes, which is used to store a certificate and its associated key that are typically used for TLS, such as TLS termination of Ingress resources. You must specify Credential and Private Key for it, indicated by tls.crt and tls.key in the YAML file respectively.

      tls

    • Image Registry Secret. The type of kubernetes.io/dockerconfigjson in Kubernetes, which is used to store the credentials for accessing a Docker registry for images. For more information, see Image Registries.

      image-registry-secret

    • Account Password Secret. The type of kubernetes.io/basic-auth in Kubernetes, which is used to store credentials needed for basic authentication. You must specify User Name and Password for it, indicated by username and password in the YAML file respectively.

      account-password-secret

    • Custom. You can input any type of Secrets supported by Kubernetes in the box. Click Add Data to add key-value pairs for it.

      custom-secret

  2. For this tutorial, select the default type of Secret. Click Add Data and input the Key (MYSQL_ROOT_PASSWORD) and Value (123456) as below to specify a Secret for MySQL.

    add-data

    input-key

  3. Click in the bottom right corner to confirm. You can continue to add key-value pairs to the Secret or click Create to finish the creation. For more information about how to use the Secret, see Compose and Deploy WordPress.

Check Secret Details

  1. After a Secret is created, it displays in the list as below. You can click the three dots on the right and select the operation from the menu to modify it.

    secret-list

    • Edit: View and edit the basic information.
    • Edit YAML: View, upload, download, or update the YAML file.
    • Edit Secret: Modify the key-value pair of the Secret.
    • Delete: Delete the Secret.
  2. Click the name of the Secret and you can go to its detail page. Under the tab Detail, you can see all the key-value pairs you have added for the Secret.

    secret-detail-page

    {{< notice note >}}

    As mentioned above, KubeSphere automatically converts the value of a key into its corresponding base64 character value. To see the actual decoded value, click the eye icon on the right.

    {{</ notice >}}

  3. Click More to display the operations you can perform on this Secret.

    secret-dropdown-menu

    • Edit YAML: View, upload, download, or update the YAML file.
    • Edit Secret: Modify the key-value pair of the Secret.
    • Delete: Delete the Secret, and return to the list page.

Use a Secret

Generally, you need to use a Secret when you create workloads, Services, Jobs or CronJobs. For example, you can select a Secret for a code repository. For more information, see Image Registries.

use-secret-repository

Alternatively, you may need to add environment variables for containers. On the Container Image page, check Environment Variables and click Use ConfigMap or Secret to use a Secret from the list.

use-secret-image
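
The Secret created in this tutorial, written as a manifest, together with a Pod that consumes it both as an environment variable and as a file in a mounted volume. This is an added example, not taken from the KubeSphere documentation; the namespace demo-project, the Pod name mysql-demo and the image tag are assumptions.

```yaml
# Added example. Values marked "assumed" are illustrative, not from the tutorial.
apiVersion: v1
kind: Secret
metadata:
  name: demo-secret            # name from Step 2
  namespace: demo-project      # assumed: the project's namespace
type: Opaque                   # the "Default" type on the dashboard
data:
  # base64 of the tutorial value 123456. This is an encoding, not encryption:
  # anyone who can read the Secret object can decode it.
  MYSQL_ROOT_PASSWORD: MTIzNDU2
---
apiVersion: v1
kind: Pod
metadata:
  name: mysql-demo             # assumed
  namespace: demo-project      # must be the same namespace as the Secret
spec:
  containers:
    - name: mysql
      image: mysql:8.0         # assumed image tag
      env:
        # Expose a single key of the Secret as an environment variable.
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: demo-secret
              key: MYSQL_ROOT_PASSWORD
      volumeMounts:
        # Mount every key as a file, here /etc/demo-secret/MYSQL_ROOT_PASSWORD.
        - name: demo-secret-files
          mountPath: /etc/demo-secret
          readOnly: true
  volumes:
    - name: demo-secret-files
      secret:
        secretName: demo-secret
        defaultMode: 0400      # files readable by the owner only
```

The container receives the decoded value 123456 in both places; base64 appears only in the stored manifest.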