When you use Kubernetes clusters for Enterprise Distributed Application Service (EDAS), we recommend that you use Secrets to store sensitive information such as passwords and certificates. This topic describes how to manage Secrets.

Prerequisites

  • A Kubernetes cluster is created in the Container Service for Kubernetes (ACK) console.
    • To use an ACK cluster in Enterprise Distributed Application Service (EDAS), create a managed Kubernetes cluster or a dedicated Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see the following topics:
    • To use a serverless Kubernetes cluster in EDAS, create a serverless Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see Create an ASK cluster.
  • The created Kubernetes cluster is imported to EDAS. For more information, see Import a Kubernetes cluster to the EDAS console.

Background information

You can use Secrets to store sensitive information that needs to be kept confidential, such as passwords and certificates. Secrets can be passed to containers when you create or deploy applications. If you modify a Secret, the modification takes effect after you redeploy the relevant application.

You can use Secrets in the following scenarios:

Create a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side navigation pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, click Create Secrets.
  6. In the Create Secrets panel, set the parameters as required and click Yes.
    Create a Secret
    Parameter Description
    Secret dictionary name The name of the Secret. The name can contain lowercase letters, hyphens (-), and digits. It must start with a letter and cannot end with a hyphen (-).
    Cluster name The Kubernetes cluster for which you want to create the Secret. Select the Kubernetes cluster from the drop-down list.
    K8s namespace The Kubernetes namespace of the cluster. Internal system objects are allocated to different namespaces to form logically isolated projects, groups, or user groups. This way, these projects, groups, or user groups can be separately managed but still share the resources of the entire cluster. Valid values:
    • default: the default Kubernetes namespace. If no Kubernetes namespace is specified for an object, the default Kubernetes namespace is used.
    • kube-system: the Kubernetes namespace of the objects that are created by the system.
    • kube-public: the Kubernetes namespace that is automatically created and can be read by all users, including users who are not authenticated.
    Type The type of the Secret. Valid values: Opaque and TLS certificate.
    • Opaque: The Secret is used to store custom information. If you select Opaque, the Base64 encoded data check box is displayed.

      If you want to upload Base64-encoded data that is converted from binary data, select the Base64 encoded data check box. In this case, you must enter Base64-encoded data for the Secret. EDAS does not encode the data that you enter.

    • TLS certificate: The Secret is used to store your Transport Layer Security (TLS) certificate and the keys involved. This type of Secret is generally used to configure Ingresses for applications. In EDAS, an Ingress is a collection of routing rules that are used to route external HTTPS requests to internal services.
    Opaque The following parameters are required if you set the Type parameter to Opaque:
    • Key: the key of the sensitive information. The value can contain letters, digits, hyphens (-), underscores (_), and periods (.).
    • Value: the value of the sensitive information.
    TLS certificate If you set the Type parameter to TLS certificate, you can create a self-signed certificate or manually specify the keys of your TLS certificate.
    • To manually specify the keys of your TLS certificate, set the Cert parameter to specify the public key and the Key parameter to specify the private key.
    • To create a self-signed certificate, set the Domain, The key length, Certificate start time, and Certificate expiration time parameters.

View a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side navigation pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the Secret that you want to view and click Details.
    You can search for the required Secret by the Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace parameter.
  6. The details page of the Secret displays the basic information of the Secret and the data contained in it.
    If the Secret stores the information about a TLS certificate, you can also view the details of the certificate on the page, including the domain name associated with the certificate, the status of the certificate, and the service provider that issued the certificate.

Modify a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side navigation pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the Secret that you want to modify and click Edit.
    You can search for the required Secret by the Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace parameter.
  6. In the editing panel, modify the keys and values in the Secret based on your requirements and click Yes.
    Note If the Secret is used by an application, redeploy the application after you modify the Secret. Otherwise, the Secret modification does not take effect in the application.

View the Ingress associated with a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side navigation pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the required Secret and click View associated apps.
    You can search for the required Secret by the Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace parameter.
  6. On the page that appears, view the Ingress associated with the Secret. Click the name of the Ingress to view its details.

Delete a Secret

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations.
  3. In the left-side navigation pane of the Kubernetes Configurations page, click Secrets.
  4. On the Secret page, select a region in the top navigation bar.
  5. On the Secret page, find the Secret that you want to delete and click Delete.
    You can search for the required Secret by the Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace parameter.
  6. In the message that appears, click Yes.
    Note If the Secret is used by an application, we recommend that you delete the Secret after you disassociate the Secret and the application.