doc-exports/docs/cci/umn/cci_01_0035.html
Dong, Qiu Jian a9ef41723a CCI UMN initial upload
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-10-24 12:19:17 +00:00


<a name="cci_01_0035"></a><a name="cci_01_0035"></a>
<h1 class="topictitle1">Secrets</h1>
<div id="body0000001703971746"><p id="cci_01_0035__p2879172915531">Secrets are objects that you can use to store sensitive data such as authentication information, certificates, and private keys. You can load a secret to a container as an environment variable when the container is started or mount a secret to a container as a file.</p>
<div class="note" id="cci_01_0035__note2278951132113"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cci_01_0035__p1291018422187">It is recommended that you encrypt the uploaded secrets.</p>
</div></div>
<div class="section" id="cci_01_0035__section18512531861"><a name="cci_01_0035__section18512531861"></a><a name="section18512531861"></a><h4 class="sectiontitle">Creating a Secret</h4><ol id="cci_01_0035__ol18179910114616"><li id="cci_01_0035__li383017919498"><span>Log in to the CCI console. In the navigation pane on the left, choose <strong id="cci_01_0035__b187877526575041">Configuration Center</strong>.</span></li><li id="cci_01_0035__li7850191719494"><span>Select a namespace and click the <strong id="cci_01_0035__b944217510812">Secrets</strong> tab.</span></li><li id="cci_01_0035__li1320512613497"><span>Click <strong id="cci_01_0035__b33901314589">Create from YAML</strong> in the upper left corner and edit the YAML file. For details about the YAML file, see <a href="#cci_01_0035__li6120118172019">YAML format</a>.</span><p><div class="note" id="cci_01_0035__note176631439613"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cci_01_0035__p1266333920117">CCI supports both JSON and YAML, and the file size cannot exceed 2 MB.</p>
</div></div>
</p></li><li id="cci_01_0035__li4706172635214"><span>Click <span class="uicontrol" id="cci_01_0035__uicontrol1167318030811"><b>OK</b></span>.</span><p><p id="cci_01_0035__p2679728155212">You can view the newly created secret in the secret list.</p>
</p></li></ol>
</div>
<div class="section" id="cci_01_0035__section152761334151217"><h4 class="sectiontitle">Using a Secret</h4><p id="cci_01_0035__p315717459125">After a secret is created, you can mount it to a container as a storage volume during pod creation. For example, mount a secret named <strong id="cci_01_0035__b0120133310129">aksk-secret</strong> to a container and set the storage volume name to <strong id="cci_01_0035__b134853437121">volume2</strong>.</p>
</div>
<div class="section" id="cci_01_0035__section96481187193"><h4 class="sectiontitle">Secret File Format</h4><ul id="cci_01_0035__ul1212017811204"><li id="cci_01_0035__li6120118172019"><a name="cci_01_0035__li6120118172019"></a><a name="li6120118172019"></a><span class="filepath" id="cci_01_0035__filepath1281662011312"><b>secret.yaml</b></span> resource description file<p id="cci_01_0035__p36455081918">For example, you can use a secret to obtain the following key-value pairs and encrypt them for an application:</p>
<p id="cci_01_0035__p10651950201914">key1: value1</p>
<p id="cci_01_0035__p46525071912">key2: value2</p>
<p id="cci_01_0035__p196675051915">The <strong id="cci_01_0035__b216411536139">secret.yaml</strong> file is defined as below. (Base64 encoding is required for the value of each key. For details about the Base64 encoding method, see <a href="#cci_01_0035__section175000605919">Base64 Encoding</a>.)</p>
<pre class="screen" id="cci_01_0035__screen8682502193">apiVersion: v1
kind: Secret
metadata:
  name: mysecret            # Secret name
  annotations:
    description: "test"
  labels:
    label-01: value-01
    label-02: value-02
data:
  key1: dmFsdWUx            # Base64 encoding required
  key2: dmFsdWUy            # Base64 encoding required
type: Opaque                # The type must be Opaque.</pre>
</li><li id="cci_01_0035__li28971790206"><span class="filepath" id="cci_01_0035__filepath13489153671618"><b>secret.json</b></span> resource description file<div class="p" id="cci_01_0035__p14208151711216">The content is as follows:<pre class="screen" id="cci_01_0035__screen11209161710213">{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {
    "annotations": {
      "description": "test"
    },
    "labels": {
      "label-01": "value-01",
      "label-02": "value-02"
    },
    "name": "mysecret"
  },
  "data": {
    "key1": "dmFsdWUx",
    "key2": "dmFsdWUy"
  },
  "type": "Opaque"
}</pre>
</div>
</li></ul>
</div>
<div class="section" id="cci_01_0035__section175000605919"><a name="cci_01_0035__section175000605919"></a><a name="section175000605919"></a><h4 class="sectiontitle">Base64 Encoding</h4><p id="cci_01_0035__p171051722165915">To perform Base64 encoding on a character string, run the <strong id="cci_01_0035__b1028619121717">echo -n </strong><em id="cci_01_0035__i19295195173">{Content to be encoded}</em><strong id="cci_01_0035__b1629719151714"> | base64</strong> command.</p>
<pre class="screen" id="cci_01_0035__screen18124926408">root@ubuntu:~# echo -n "3306" | base64
MzMwNg==</pre>
</div>
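The following script is an added example, not part of the original CCI documentation: it renders the <b>secret.yaml</b> shown above from plain key-value pairs and checks an encoded value for the stray newline that appears when <b>-n</b> is omitted from <b>echo</b>. Base64 is a reversible encoding, not encryption, so anyone who can read the manifest can recover the values. The function names (b64, unb64, has_trailing_newline, render_secret) are hypothetical helpers, and the input is the page's own sample pairs.

```shell
#!/bin/sh
# Added example: helper names are illustrative and are not CCI commands.

# Encode a string exactly as given. printf '%s' adds no trailing newline
# (the same reason the page uses "echo -n"), and tr removes the line wraps
# that base64 inserts into long output such as certificates or private keys.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a value. No key is involved: Base64 only changes the representation.
unb64() {
  printf '%s' "$1" | base64 -d
}

# Succeeds when the encoded value carries a trailing newline, as produced by
# "echo value | base64" without -n. Command substitution strips trailing
# newlines, so re-encoding the decoded text only matches a clean value.
has_trailing_newline() {
  [ "$(b64 "$(unb64 "$1")")" != "$1" ]
}

# Render a Secret manifest: $1 is the secret name, the rest are key=value pairs.
render_secret() {
  name=$1
  shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ndata:\n' "$name"
  for pair in "$@"; do
    # Split on the first "=" only, so a value may itself contain "=".
    printf '  %s: %s\n' "${pair%%=*}" "$(b64 "${pair#*=}")"
  done
  printf 'type: Opaque\n'
}

# Constructed sample input: the key1/key2 pairs used on this page.
render_secret mysecret key1=value1 key2=value2
```
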
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cci_01_0033.html">Configuration Center</a></div>
</div>
</div>