Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com> Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com> Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Secrets
Secrets are objects that you can use to store sensitive data such as authentication information, certificates, and private keys. You can load a secret to a container as an environment variable when the container is started or mount a secret to a container as a file.
Creating a Secret
- Log in to the CCI console. In the navigation pane on the left, choose Configuration Center.
- Select a namespace and click the Secrets tab.
- Click Create from YAML in the upper left corner and edit the YAML file. For details about the YAML file, see YAML format.
- Click OK.
You can view the newly created secret in the secret list.
Using a Secret
After a secret is created, you can mount it to a container as a storage volume during pod creation. For example, mount a secret named aksk-secret to a container and set the storage volume name to volume2.
Secret File Format
- secret.yaml resource description file
For example, you can use a secret to obtain the following key-value pairs and encrypt them for an application:
key1: value1
key2: value2
The secret.yaml file is defined as follows. The value of each key must be Base64-encoded. For details about the Base64 encoding method, see Base64 Encoding.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret           # Secret name
  annotations:
    description: "test"
  labels:
    label-01: value-01
    label-02: value-02
data:
  key1: dmFsdWUx           # Base64 encoding required
  key2: dmFsdWUy           # Base64 encoding required
type: Opaque               # The type must be Opaque.
- secret.json resource description file
The content is as follows:
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {
    "annotations": {
      "description": "test"
    },
    "labels": {
      "label-01": "value-01",
      "label-02": "value-02"
    },
    "name": "mysecret"
  },
  "data": {
    "key1": "dmFsdWUx",
    "key2": "dmFsdWUy"
  },
  "type": "Opaque"
}
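The following is an added example, not part of the CCI documentation: it builds a manifest in the secret.json layout above from plaintext pairs, checks a manifest against the two rules stated here (Base64-encoded values, type Opaque), and decodes the values back. The function names are hypothetical. Because Base64 is a reversible encoding, the decode step needs no key, so the manifest file should be handled as carefully as the plaintext.

```python
import base64
import binascii
import json


def build_secret(name, pairs):
    """Build a manifest in the secret.json layout from plaintext key-value pairs."""
    data = {k: base64.b64encode(v.encode("utf-8")).decode("ascii")
            for k, v in pairs.items()}
    return {"apiVersion": "v1", "kind": "Secret",
            "metadata": {"name": name}, "data": data, "type": "Opaque"}


def check_secret(manifest):
    """Return a list of format problems; an empty list means none were found."""
    problems = []
    if manifest.get("kind") != "Secret":
        problems.append("kind must be Secret")
    if manifest.get("type") != "Opaque":
        problems.append("type must be Opaque")
    data = manifest.get("data")
    if not isinstance(data, dict):
        return problems + ["data must be an object of key/Base64 pairs"]
    for key, value in data.items():
        try:
            # validate=True rejects characters outside the Base64 alphabet
            # and bad padding, which catches most plaintext pasted by mistake.
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError, TypeError):
            problems.append(f"data.{key} is not valid Base64")
    return problems


def decode_data(manifest):
    """Recover the plaintext values; no key is needed, Base64 is only an encoding."""
    return {k: base64.b64decode(v, validate=True).decode("utf-8")
            for k, v in manifest["data"].items()}


if __name__ == "__main__":
    # Constructed sample input: the key1/key2 pairs used on this page.
    secret = build_secret("mysecret", {"key1": "value1", "key2": "value2"})
    print(json.dumps(secret, indent=2))
    print(check_secret(secret))
    print(decode_data(secret))
```

A plaintext value that happens to be valid Base64 (for example, an 8-character alphanumeric string) passes the check, so it catches common mistakes rather than proving that a value was encoded.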