Denis Biondic

Reputation: 8211

Kubernetes Secrets - What is the purpose of type "Opaque" in secret definitions

In most examples about using secrets in Kubernetes, you can find similar examples:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: User
  password: **********

What is the purpose of type: Opaque in the definition above? What other types (and for which use cases) are possible to specify there?

Upvotes: 70

Views: 48991

Answers (4)

S.J

Reputation: 509

All types:

SecretType = "Opaque"                                 // Opaque (arbitrary data; default)
SecretType = "kubernetes.io/service-account-token"    // Kubernetes auth token
SecretType = "kubernetes.io/dockercfg"                // Docker registry auth
SecretType = "kubernetes.io/dockerconfigjson"         // Latest Docker registry auth

To learn more, see Type of Secrets from the Kubernetes docs.

Upvotes: 34

sfgroups

Reputation: 19143

Looks like it's a read-only value for clients; clients are not allowed to modify this value.

This value MUST be treated as opaque by clients and passed unmodified back to the server

This page has the details in the resourceVersion field.


edit

Link changed; here is the document info:

resourceVersion string An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.9/ https://k8smeetup.github.io/docs/reference/generated/kubernetes-api/v1.9/

Upvotes: -5

user674669

Reputation: 12412

The source code lists all the types:

https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/apis/core/types.go#L4447

Upvotes: 5

Janos Lenart

Reputation: 27170

type: Opaque means that from Kubernetes's point of view the contents of this Secret are unstructured; it can contain arbitrary key-value pairs.

In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret. These have constrained contents.

Upvotes: 82
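
The difference between unstructured and constrained Secret types can be checked before a manifest is applied. The following is an added example, not code from the answers above or from the Kubernetes project: `check_secret` and the sample manifests are hypothetical, it covers only the four types listed on this page, and the required keys and annotation are assumed from the Kubernetes documentation for those types.

```python
import base64
import binascii

# Keys required under `data` for the types listed on this page
# (assumption: taken from the Kubernetes docs, not from this page).
REQUIRED_DATA_KEYS = {
    "Opaque": set(),                                # arbitrary key-value pairs
    "kubernetes.io/service-account-token": set(),   # constrained by annotation
    "kubernetes.io/dockercfg": {".dockercfg"},
    "kubernetes.io/dockerconfigjson": {".dockerconfigjson"},
}
SA_NAME_ANNOTATION = "kubernetes.io/service-account.name"


def check_secret(manifest):
    """Return a list of problems found in a Secret manifest (a parsed dict)."""
    problems = []
    secret_type = manifest.get("type") or "Opaque"  # omitted type means Opaque
    data = manifest.get("data") or {}
    string_data = manifest.get("stringData") or {}

    # Values under `data` must be base64; plain text belongs in `stringData`.
    for key, value in data.items():
        try:
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError, TypeError):
            problems.append(f"data.{key} is not valid base64")

    if secret_type not in REQUIRED_DATA_KEYS:
        problems.append(f"type {secret_type!r} is not covered by this check")
        return problems

    present = set(data) | set(string_data)
    for key in sorted(REQUIRED_DATA_KEYS[secret_type] - present):
        problems.append(f"type {secret_type} requires key {key!r}")

    if secret_type == "kubernetes.io/service-account-token":
        annotations = manifest.get("metadata", {}).get("annotations") or {}
        if not annotations.get(SA_NAME_ANNOTATION):
            problems.append(f"missing annotation {SA_NAME_ANNOTATION}")
    return problems


# Constructed sample: a pull secret that uses the wrong key name.
BAD_PULL_SECRET = {"kind": "Secret", "metadata": {"name": "regcred"},
                   "type": "kubernetes.io/dockerconfigjson",
                   "data": {"config": "e30="}}
```
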
