This topic describes how to manage Secrets in Alibaba Cloud Container Compute Service (ACS) clusters.
Prerequisites
An ACS cluster is created. For more information, see Create an ACS cluster.
Background information
We recommend that you use Secrets to store sensitive information in Kubernetes clusters. The information includes passwords and certificates.
Secrets are classified into the following types:
Service account: A service account is automatically created by Kubernetes and automatically mounted to the /run/secrets/kubernetes.io/serviceaccount directory of a pod. The service account provides an identity for the pod to interact with the API server.
Opaque: This type of Secret is encoded in Base64 and used to store sensitive information, such as passwords and certificates.
By default, you can create only Opaque Secrets in the Alibaba Cloud Container Compute Service (ACS) console. Opaque Secrets store map type data. Therefore, values must be encoded in Base64. You can create Secrets in the ACS console with a few clicks. Plaintext Secrets are automatically encoded by using Base64.
You can also create Secrets by using the CLI. For more information, see Secrets.
Create a Secret
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane, choose Configurations > Secrets.
On the Secrets page, select a namespace from the Namespace drop-down list. In the upper-right corner of the Secrets page, click Create and configure the Secret in the panel that appears.
Parameter
Description
Name
Enter a name for the Secret.
Type
You can select Opaque, Private Repository Logon Secret, or TLS Certificate.
Opaque
If you set Type to Opaque, configure the following parameters:
Optional: To enter Secret data in plaintext, select Encode Data Values Using Base64.
Configure the Secret in key-value pairs. Click + Add. Enter the keys and values for the Secret in the Name and Value fields.
Private Repository Logon Secret
If you set Type to Private Repository Logon Secret, configure the following parameters:
Docker Registry URL: Enter the address of the Docker registry where your Secret is stored.
Username: Enter the username that is used to log on to the Docker registry.
Password: Enter the password that is used to log on to the Docker registry.
TLS Certificate
If you set Type to TLS Certificate, configure the following parameters:
Cert: Enter a TLS certificate.
Key: Enter the key for the TLS certificate.
What to do next
After you create the Secret, you can perform the following operations on the Secrets page:
Click the name of the Secret to view the basic information and details about the Secret.
NoteClick the icon to view the values in plaintext.
Click Edit in the Actions column to modify the information of the Secret.
Click Delete in the Actions column to delete the Secret.
ImportantDo not delete Secrets that are generated when the cluster is created.