You can use secrets to store sensitive information in Kubernetes clusters, such as passwords and certificates, when you use Kubernetes clusters in Enterprise Distributed Application Service (EDAS). This topic describes how to manage secrets.

Prerequisites

  • A Kubernetes cluster is created in the Container Service for Kubernetes (ACK) console.
    • To use an ACK cluster in Enterprise Distributed Application Service (EDAS), create a managed Kubernetes cluster or a dedicated Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see the following topics:
    • To use a serverless Kubernetes cluster in EDAS, create a serverless Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see Create an ASK cluster.
  • The created Kubernetes cluster is imported to EDAS. For more information, see Import a Kubernetes cluster to the EDAS console.

Background information

You can use secrets to store sensitive information, such as passwords and certificates, that needs to be kept confidential. Secrets can be passed to containers when you create or deploy applications. If you modify a secret, the modification takes effect after you redeploy the relevant application.

You can use secrets in the following three scenarios:

For more information, see Secrets.

Create a secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar. Then, select a microservice namespace.
  5. On the Secret page, click Create.
  6. In the Create Secrets panel, set the parameters as required and click Yes.
    Table: Create a secret (Parameter or value: Description)

    Secret dictionary name: The name of the secret. The name can contain lowercase letters, hyphens (-), and digits. It must start with a letter and cannot end with a hyphen (-).

    Cluster name: The Kubernetes cluster for which you want to create the secret. Select the required Kubernetes cluster from the drop-down list.

    K8s namespace: The Kubernetes namespace of the cluster. Internal system objects are allocated to different Kubernetes namespaces to form logically isolated projects, groups, or user groups. This way, different groups can be separately managed and can also share the resources of the entire cluster. Valid values:
      • default: the default Kubernetes namespace. If no Kubernetes namespace is specified for an object, the default Kubernetes namespace is used.
      • kube-system: the Kubernetes namespace of the objects that are created by the system.
      • kube-public: the Kubernetes namespace that is automatically created by the system. This Kubernetes namespace can be read by all the users, including the users who are not authenticated.
      In this example, default is selected.

    Type: The type of the secret. Valid values: Opaque and TLS certificate.
      • Opaque: The secret is used to store custom information.
      • TLS certificate: The secret is used to store the Transport Layer Security (TLS) certificate and the keys involved. This type of secret is generally used to configure ingresses for applications. In EDAS, an ingress is a collection of routing rules that are used to route external HTTPS requests to internal services.

    Opaque: The following parameters are required if you set the Type parameter to Opaque:
      • Key: the key of the sensitive information. The key can contain letters, digits, underscores (_), hyphens (-), and periods (.).
      • Value: the value of the sensitive information.

    TLS certificate: The following parameters are required if you set the Type parameter to TLS certificate:
      • Cert: the public key of the TLS certificate.
      • Key: the private key of the TLS certificate.
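
The naming rules and namespace descriptions above can be checked before a secret is submitted. The following is an added example, not EDAS code: the function names lint_secret and to_manifest are hypothetical, and the manifest layout assumes that the console creates an ordinary Kubernetes Secret object (type Opaque, or kubernetes.io/tls with the tls.crt and tls.key fields).

```python
import base64
import re

# Naming rules as stated in the parameter descriptions above.
NAME_RE = re.compile(r"[a-z]([a-z0-9-]*[a-z0-9])?")
KEY_RE = re.compile(r"[A-Za-z0-9_.-]+")
# Namespaces the page describes as system-owned or readable by everyone.
FLAGGED_NS = {"kube-system": "holds objects created by the system",
              "kube-public": "readable by all users, even unauthenticated"}

def lint_secret(name, namespace, secret_type, data):
    """Return a list of findings; an empty list means the input passes."""
    out = []
    if not NAME_RE.fullmatch(name):
        out.append(f"name {name!r} breaks the secret naming rule")
    if namespace in FLAGGED_NS:
        out.append(f"namespace {namespace}: {FLAGGED_NS[namespace]}")
    if secret_type == "Opaque":
        if not data:
            out.append("Opaque secret has no key/value pair")
        out += [f"key {k!r} has characters outside letters, digits, _ - ."
                for k in data if not KEY_RE.fullmatch(k)]
    elif secret_type == "TLS certificate":
        out += [f"missing field {f}" for f in ("Cert", "Key") if not data.get(f)]
        # Added check (not from the page): private key pasted into Cert.
        if "PRIVATE KEY" in data.get("Cert", ""):
            out.append("Cert field contains private key material")
    else:
        out.append(f"unknown type {secret_type!r}")
    return out

def to_manifest(name, namespace, secret_type, data):
    """Build the matching Kubernetes Secret object, values base64-encoded."""
    if secret_type == "TLS certificate":
        k8s_type = "kubernetes.io/tls"
        fields = {"tls.crt": data["Cert"], "tls.key": data["Key"]}
    else:
        k8s_type, fields = "Opaque", data
    return {"apiVersion": "v1", "kind": "Secret", "type": k8s_type,
            "metadata": {"name": name, "namespace": namespace},
            "data": {k: base64.b64encode(v.encode()).decode()
                     for k, v in fields.items()}}

if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    print(lint_secret("Db-creds-", "kube-public", "Opaque", {"bad key!": "x"}))
    print(to_manifest("db-creds", "default", "Opaque", {"DB_PASSWORD": "s3cr3t"}))
```

The values in the manifest are base64-encoded, not encrypted, so the output must be handled as carefully as the plaintext.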

View a secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar. Then, select a microservice namespace.
  5. On the Secret page, find the secret that you want to view and click Details.
    You can search for the required secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. On the details page of the secret, view the basic information about the secret and the sensitive information in the secret.

Modify a secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar. Then, select a microservice namespace.
  5. On the Secret page, find the secret that you want to modify and click Edit.
    You can search for the required secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. In the editing panel, modify the keys and values in the secret based on your requirements and click Yes.
    Note: If the secret is used by an application, redeploy the application after you modify the secret. Otherwise, the updated information does not take effect in the application.

Delete a secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar. Then, select a microservice namespace.
  5. On the Secret page, find the secret that you want to delete and click Delete.
    You can search for the required secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. In the message that appears, click Yes.
    Note: We recommend that you do not delete a secret if it is used by an application.