Kubernetes Secrets - What is the purpose of type "Opaque" in secret definitions

In most examples about using secrets in Kubernetes, you can find something like this:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: User
  password: **********

What is the purpose of type: Opaque in the definition above? What other types (and for which use cases) can be specified there?

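It looks like it is a read-only value for clients; clients are not allowed to modify this value.

This value MUST be treated as opaque by clients and passed unmodified back to the server

This page has the details under the resourceVersion field.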


Edit

The link changed; here is the documentation info:

resourceVersion string An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.9/ https://k8smeetup.github.io/docs/reference/generated/kubernetes-api/v1.9/

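type: Opaque means that, from Kubernetes's point of view, the contents of this Secret are unstructured; it can contain arbitrary key-value pairs.

In contrast, there are Secrets that store ServiceAccount credentials, or ones used as an ImagePullSecret. These have constrained contents.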

The source code lists all the types:

https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/apis/core/types.go#L4447

All types:

SecretType = "Opaque"                                 // Opaque (arbitrary data; default)
SecretType = "kubernetes.io/service-account-token"    // Kubernetes auth token
SecretType = "kubernetes.io/dockercfg"                // Docker registry auth
SecretType = "kubernetes.io/dockerconfigjson"         // Latest Docker registry auth

To learn more, see the Secrets design document.