Kubernetes - Secret

Last Updated: 2023-08-26

Secrets are similar to ConfigMaps but are specifically intended to hold confidential data. small amount of sensitive data such as a password, a token, or a key.

Default type is type: Opaque.

apiVersion: v1
kind: Secret

kubernetes.io/tls vs Opaque:

The TLS Secret type is provided for user's convenience. You can create an Opaque for credentials used for TLS server and/or client.

All private keys generated and/or managed must be stored as Kubernetes secrets.

Keys stored in kubernetes secrets and mounted as data volumes in the Pod are not considered to be “persisted” since the actual key material is in a file in an in-memory tmpfs directory.

Secret Types

kubernetes.io/tls:
data: ca.crt, tls.crt, tls.key

kubernetes.io/service-account-token
data: ca.crt, token

kubernetes.io/dockerconfigjson
data: .dockerconfigjson

Bootstrap Token: bootstrap.kubernetes.io/token