Kubernetes Cluster Configuration Concepts: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 5: | Line 5: | ||
=<span id='Secret'></span>Secrets= | =<span id='Secret'></span>Secrets= | ||
{{External|[https://kubernetes.io/docs/concepts/configuration/secret/ Secrets]}} | {{External|[https://kubernetes.io/docs/concepts/configuration/secret/ Secrets]}} | ||
A secret is a mechanism, backed by a Kubernetes [[Kubernetes_Concepts#API_Resources|API resource]], that allows applications running on a Kubernetes cluster to safely manage, store and access security-sensitive information such as passwords, OAuth tokens and ssh keys. This mechanism provides a better alternative to placing that information in a container image or in the pod metadata. An individual secret contains a small amount of data, limited to 1 MiB - this is to discourage creation of very large secrets that would exhaust API server and kubelet memory. | A secret is a mechanism, backed by a Kubernetes [[Kubernetes_Concepts#API_Resources|API resource]], that allows applications running on a Kubernetes cluster to safely manage, store and access security-sensitive information such as passwords, OAuth tokens and ssh keys. This mechanism provides a better alternative to placing that information in a container image or in the pod metadata. An individual secret contains a small amount of data, limited to 1 MiB - this is to discourage creation of very large secrets that would exhaust API server and kubelet memory. | ||
A pod must explicitly reference a secret in its manifest to access it. If that does not happen, the system will not initialize the infrastructure that exposes the information to the pod. | A pod must explicitly reference a secret in its manifest to access it. If that does not happen, the system will not initialize the infrastructure that exposes the information to the pod. | ||
==Secrets Operations== | |||
{{Internal|Kubernetes Secrets Operations|Secrets Operations}} | |||
Revision as of 16:40, 22 August 2019
Internal
Secrets
A secret is a mechanism, backed by a Kubernetes API resource, that allows applications running on a Kubernetes cluster to safely manage, store and access security-sensitive information such as passwords, OAuth tokens and ssh keys. This mechanism provides a better alternative to placing that information in a container image or in the pod metadata. An individual secret contains a small amount of data, limited to 1 MiB - this is to discourage creation of very large secrets that would exhaust API server and kubelet memory.
A pod must explicitly reference a secret in its manifest to access it. If that does not happen, the system will not initialize the infrastructure that exposes the information to the pod.