OpenShift Secrets Concepts: Difference between revisions
(Created page with "=External= * https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html =Internal= * OpenShift Security Concepts...") |
No edit summary |
||
Line 1: | Line 1: | ||
=External= | =External= | ||
* https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html | * https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html | ||
* https://kubernetes.io/docs/concepts/configuration/secret/ | |||
* https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/secrets.md | |||
* https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/ | |||
* https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ | |||
=Internal= | =Internal= | ||
Line 8: | Line 11: | ||
* [[OpenShift Security Concepts#Secrets|OpenShift Security Concepts]] | * [[OpenShift Security Concepts#Secrets|OpenShift Security Concepts]] | ||
=Overview= | |||
=Organizatorium= | |||
A ''secret'' resource can hold text or binary secrets for delivery into pods. They are base64 encoded. Are mounted into pods using the volume mount mechanism. The volumes are backed by temporary file-storage facilities (tmpfs). Secrets from builds can be referenced. | A ''secret'' resource can hold text or binary secrets for delivery into pods. They are base64 encoded. Are mounted into pods using the volume mount mechanism. The volumes are backed by temporary file-storage facilities (tmpfs). Secrets from builds can be referenced. |
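Review bot: the =Overview= heading added in the second hunk has no body, and the descriptive paragraph that follows sits under the newly added =Organizatorium= heading instead. Either move the paragraph beginning "A ''secret'' resource can hold" under =Overview=, or hold the empty heading back until there is text for it.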
Revision as of 17:16, 30 January 2018
External
- https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html
- https://kubernetes.io/docs/concepts/configuration/secret/
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/secrets.md
- https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/
- https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
Internal
Overview
Organizatorium
A secret resource can hold text or binary secrets for delivery into pods. The values are base64 encoded. Secrets are mounted into pods using the volume mount mechanism, and the volumes are backed by temporary file-storage facilities (tmpfs). Secrets from builds can be referenced.
By default, every container is given a single secret, which contains a token for accessing the API with limited privileges, mounted at /var/run/secrets/kubernetes.io/serviceaccount.
Secret Types
Key File-Based
Basic Auth
A secret containing the user name and the password to use in HTTP basic authentication.
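The following is an added example, not part of the original page. It shows what "base64 encoded" and "mounted into pods" mean for a basic-auth secret: the stored values decode back to the plain credentials, and each key becomes one file under the mount path. The secret name, the credentials and the mount path /etc/secret-volume are constructed for illustration, and expecting both keys follows this page's description of the type.

```python
import base64

def b64(text: str) -> str:
    """Encode a string the way it is stored in a Secret's data field."""
    return base64.b64encode(text.encode()).decode()

# Constructed sample Secret (dict form of the manifest); all values are made up.
SAMPLE = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "example-basic-auth"},
    "type": "kubernetes.io/basic-auth",
    "data": {"username": b64("admin"), "password": b64("s3cr3t-value")},
}

def decode_secret(secret: dict) -> dict:
    """Return {key: raw bytes} for every entry in the Secret's data field."""
    decoded = {}
    for key, value in secret.get("data", {}).items():
        # validate=True rejects characters outside the base64 alphabet
        decoded[key] = base64.b64decode(value, validate=True)
    return decoded

def projected_files(secret: dict, mount_path: str) -> dict:
    """Map each key to the file a volume mount would expose, with its content."""
    root = mount_path.rstrip("/")
    return {f"{root}/{key}": raw for key, raw in decode_secret(secret).items()}

def missing_basic_auth_keys(secret: dict) -> list:
    """List which of username/password are absent from a basic-auth secret."""
    if secret.get("type") != "kubernetes.io/basic-auth":
        raise ValueError("not a basic-auth secret")
    return sorted({"username", "password"} - set(secret.get("data", {})))

if __name__ == "__main__":
    print("stored  :", SAMPLE["data"])
    for path, raw in projected_files(SAMPLE, "/etc/secret-volume").items():
        print("mounted :", path, "->", raw.decode())
    print("missing :", missing_basic_auth_keys(SAMPLE))
```

Anyone who can read the Secret object can recover the credentials this way, which is why the encrypt-data link under External matters for data at rest.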