OpenShift Secrets Concepts: Difference between revisions
Jump to navigation
Jump to search
Line 14: | Line 14: | ||
=Operations= | =Operations= | ||
{{Internal|OpenShift_Security_Operations#.27Secret.27_Operations|Secret Operations}} | |||
=Organizatorium= | =Organizatorium= |
Revision as of 17:17, 30 January 2018
External
- https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html
- https://kubernetes.io/docs/concepts/configuration/secret/
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/secrets.md
- https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/
- https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
Internal
Overview
Operations
Organizatorium
A secret resource can hold text or binary secrets for delivery into pods. They are base64 encoded. Are mounted into pods using the volume mount mechanism. The volumes are backed by temporary file-storage facilities (tmpfs). Secrets from builds can be referenced.
By default, every container is given a single secret which contains a token for accessing the API with limited privileges, at /var/run/secrets/kubernetes.io/serviceaccount.
Secret Types
Key File-Based
Basic Auth
A secret containing the user name and the password to use in HTTP basic authentication.