Kubernetes Cluster Configuration Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 7: Line 7:


A secret is a mechanism, backed by a Kubernetes [[Kubernetes_Concepts#API_Resources|API resource]], that allows applications running on a Kubernetes cluster to safely manage, store and access security-sensitive information such as passwords, OAuth tokens and ssh keys. This mechanism provides a better alternative to placing that information in a container image or in the pod metadata. An individual secret contains a small amount of data, limited to 1 MiB - this is to discourage creation of very large secrets that would exhaust API server and kubelet memory.
A secret is a mechanism, backed by a Kubernetes [[Kubernetes_Concepts#API_Resources|API resource]], that allows applications running on a Kubernetes cluster to safely manage, store and access security-sensitive information such as passwords, OAuth tokens and ssh keys. This mechanism provides a better alternative to placing that information in a container image or in the pod metadata. An individual secret contains a small amount of data, limited to 1 MiB - this is to discourage creation of very large secrets that would exhaust API server and kubelet memory.
Secrets are consumed by applications, and they can be exposed to pods in two ways:
* As files in dedicated data volumes mounted in the pod.
* As environment variables exposed to containers in the pod.


A pod must explicitly reference a secret in its manifest to access it. If that does not happen, the system will not initialize the infrastructure that exposes the information to the pod.
A pod must explicitly reference a secret in its manifest to access it. If that does not happen, the system will not initialize the infrastructure that exposes the information to the pod.
Secrets can also be used by other parts of the system, without being directly exposed to pods.


==Secrets Operations==
==Secrets Operations==
{{Internal|Kubernetes Secrets Operations|Secrets Operations}}
{{Internal|Kubernetes Secrets Operations|Secrets Operations}}

Revision as of 16:45, 22 August 2019

Internal

Secrets

Secrets

A secret is a mechanism, backed by a Kubernetes API resource, that allows applications running on a Kubernetes cluster to safely manage, store and access security-sensitive information such as passwords, OAuth tokens and ssh keys. This mechanism provides a better alternative to placing that information in a container image or in the pod metadata. An individual secret contains a small amount of data, limited to 1 MiB - this is to discourage creation of very large secrets that would exhaust API server and kubelet memory.

Secrets are consumed by applications, and they can be exposed to pods in two ways:

  • As files in dedicated data volumes mounted in the pod.
  • As environment variables exposed to containers in the pod.

A pod must explicitly reference a secret in its manifest to access it. If that does not happen, the system will not initialize the infrastructure that exposes the information to the pod.

Secrets can also be used by other parts of the system, without being directly exposed to pods.

Secrets Operations

Secrets Operations