In most examples about using secrets in Kubernetes, you can find similar examples:
apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: username: User password: **********
What is the purpose of type: Opaque
in the definition above? What other types (and for which use cases) are possible to specify there?
Opaque is the default Secret type if omitted from a Secret configuration file. When you create a Secret using kubectl , you will use the generic subcommand to indicate an Opaque Secret type. For example, the following command creates an empty Secret of type Opaque .
type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs. In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret . These have a constrained contents.
In short, a “secret” in Kubernetes is a means of storing sensitive information, like an OAuth token or SSH key, so that it's accessible when necessary to pods in your cluster but protected from unnecessary visibility that could create security risks.
Verify the Secret The commands kubectl get and kubectl describe avoid showing the contents of a Secret by default. This is to protect the Secret from being exposed accidentally, or from being stored in a terminal log. To check the actual content of the encoded data, refer to Decoding the Secret.
type: Opaque
means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs.
In contrast, there is the Secret storing ServiceAccount
credentials, or the ones used as ImagePullSecret
. These have a constrained contents.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With