When you use Kubernetes clusters in Enterprise Distributed Application Service (EDAS), you can use Secrets to store sensitive information, such as passwords and certificates. This topic describes how to manage Secrets.

Prerequisites

  • A Kubernetes cluster is created in the Container Service for Kubernetes (ACK) console.
    • To use an ACK cluster in Enterprise Distributed Application Service (EDAS), create a managed Kubernetes cluster or a dedicated Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see the following topics:
    • To use a serverless Kubernetes cluster in EDAS, create a serverless Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see Create an ASK cluster.
  • The created Kubernetes cluster is imported to EDAS. For more information, see Import a Kubernetes cluster to the EDAS console.

Background information

You can use Secrets to store sensitive information, such as passwords and certificates, that needs to be kept confidential. Secrets can be passed to containers when you create or deploy applications. If you modify a Secret, the modification takes effect after you redeploy the relevant application.

You can use Secrets in the following three scenarios:

Create a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, click Create Secrets.
  6. In the Create Secrets panel, set the parameters as required and click Yes.
    Parameter: Description

    Secret dictionary name: The name of the Secret. The name can contain lowercase letters, hyphens (-), and digits. It must start with a letter and cannot end with a hyphen (-).

    Cluster name: The Kubernetes cluster for which you want to create the Secret. Select the required Kubernetes cluster from the drop-down list.

    K8s namespace: The Kubernetes namespace of the cluster. Internal system objects are allocated to different Kubernetes namespaces to form logically isolated projects, groups, or user groups. This way, different groups can be separately managed and can also share the resources of the entire cluster. Valid values:
    • default: the default Kubernetes namespace. If no Kubernetes namespace is specified for an object, the default Kubernetes namespace is used.
    • kube-system: the Kubernetes namespace of the objects that are created by the system.
    • kube-public: the Kubernetes namespace that is automatically created by the system. This Kubernetes namespace can be read by all the users, including the users who are not authenticated.

    In this example, default is selected.

    Type: The type of the Secret. Valid values: Opaque and TLS certificate.
    • Opaque: The Secret is used to store custom information. If you select Opaque, the Base64 encoded data check box is displayed.

      If you want to upload Base64-encoded data that is converted from binary data, select the Base64 encoded data check box. In this case, you must enter Base64-encoded data for the Secret. Then, EDAS does not encode the data that you enter.

    • TLS certificate: The Secret is used to store your Transport Layer Security (TLS) certificate and the keys involved. This type of Secret is generally used to configure Ingresses for applications. In EDAS, an Ingress is a collection of routing rules that are used to route external HTTPS requests to internal services.

    Opaque: The following parameters are required if you set the Type parameter to Opaque:
    • Key: the key of the sensitive information. The key must be 1 to 253 characters in length, and can contain only lowercase letters, digits, hyphens (-), and periods (.).
    • Value: the value of the sensitive information. The value can contain letters, digits, underscores (_), hyphens (-), and periods (.).

    TLS certificate: If you set the Type parameter to TLS certificate, you can create a self-signed certificate or manually specify the keys of your TLS certificate.
    • To manually specify the keys of your TLS certificate, set the Cert parameter to specify the public key and the Key parameter to specify the private key.
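
The following pre-flight check is an added example, not part of the EDAS documentation or tooling. It validates an Opaque Secret against the name, key, and value rules in the parameter table and decides whether the Base64 encoded data check box is needed. The function names are hypothetical, and the code assumes that the check box applies to the whole Secret.

```python
import base64
import re

# Rules transcribed from the parameter table above.
NAME_RE = re.compile(r"[a-z](?:[a-z0-9-]*[a-z0-9])?")  # starts with a letter, no trailing hyphen
KEY_RE = re.compile(r"[a-z0-9.-]{1,253}")              # 1 to 253 characters
PLAIN_VALUE_RE = re.compile(r"[A-Za-z0-9_.-]+")        # letters, digits, _ - .


def is_plain_value(raw: bytes) -> bool:
    """True if the value can be typed as-is, without the Base64 check box."""
    try:
        return PLAIN_VALUE_RE.fullmatch(raw.decode("ascii")) is not None
    except UnicodeDecodeError:
        return False


def prepare_opaque_secret(name: str, entries: dict[str, bytes]):
    """Validate an Opaque Secret; return (use_base64, {key: text to enter}).

    Assumption: the check box applies to the whole Secret, so one value
    outside the plain character set means every value is Base64-encoded.
    """
    errors = []  # messages name the Secret and its keys only, never the values
    if not NAME_RE.fullmatch(name):
        errors.append(f"invalid Secret name: {name!r}")
    if not entries:
        errors.append("no key-value pairs")
    for key in entries:
        if not KEY_RE.fullmatch(key):
            errors.append(f"invalid key: {key!r}")
    if errors:
        raise ValueError("; ".join(errors))

    use_base64 = not all(is_plain_value(v) for v in entries.values())
    if use_base64:
        fields = {k: base64.b64encode(v).decode("ascii") for k, v in entries.items()}
    else:
        fields = {k: v.decode("ascii") for k, v in entries.items()}
    return use_base64, fields


if __name__ == "__main__":
    # Constructed sample input: one plain token and one binary blob.
    sample = {"api.token": b"abc-123_DEF", "keystore.bin": b"\x00\x01\xfe\xff"}
    print(prepare_opaque_secret("demo-secret", sample))
```

Base64 is an encoding, not encryption, so handle the encoded text with the same care as the original value.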

View a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the Secret that you want to view and click Details.
    You can search for the required Secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. On the details page of the Secret, view the basic information about the Secret and the sensitive information in the Secret.
    If the Secret stores the information about a TLS certificate, you can also view the details of the certificate on the page, such as the domain name associated with the certificate, the status of the certificate, and the service provider that issued the certificate.

Modify a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the Secret that you want to modify and click Edit.
    You can search for the required Secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. In the editing panel, modify the keys and values in the Secret based on your requirements and click Yes.
    Note: If the Secret is used by an application, redeploy the application after you modify the Secret. Otherwise, the updated information does not take effect in the application.

View the Ingress associated with a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the required Secret and click View associated apps.
    You can search for the required Secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. On the page that appears, view the Ingress associated with the Secret. Click the name of the Ingress to view its details.

Delete a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the Secret that you want to delete and click Delete.
    You can search for the required Secret by setting the Secret dictionary name, Cluster name, Cluster ID, and K8sNamespace parameters.
  6. In the message that appears, click Yes.
    Note: We recommend that you do not delete a Secret if it is used by an application.