Merged
2 changes: 2 additions & 0 deletions _build_cfg.yml
Expand Up @@ -186,6 +186,8 @@ Topics:
File: integrating_external_services
- Name: Projects
File: projects
- Name: Secrets
File: secrets
- Name: Image Pull Secrets
File: image_pull_secrets
- Name: Resource Limits
26 changes: 15 additions & 11 deletions dev_guide/secrets.adoc
Expand Up @@ -31,10 +31,11 @@ provides an overview on how developers can use them.
}
}
----
<1> The `data` field must match the keys in the the "DNS_SUBDOMAIN" value in `_docs/design/identifiers.md_`.
<1> The `data` field must match the keys in the the "DNS_SUBDOMAIN" value in
`_docs/design/identifiers.md_`.
====

== Properties of secrets
== Properties of Secrets
Key properties include:

- Secret data can be referenced independently from its definition.
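
Review bot: the rewrapped callout `<1>` still carries the doubled word in "keys in the the "DNS_SUBDOMAIN" value"; since this line is being rewritten anyway, drop the extra "the" here. The sentence is also hard to parse as written ("The `data` field must match the keys in ... value"). If the intent is that the keys inside `data` must follow the DNS_SUBDOMAIN format described in `docs/design/identifiers.md`, say that directly.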
Expand Down Expand Up @@ -63,11 +64,13 @@ Therefore, if a secret is updated at the same time as pods are starting,
then the version of the secret will be used for the pod will not be defined.

[NOTE]
====
Currently, it is not possible to check the resource version of a secret object
that was used when a pod was created. It is planned that pods will report this
information, so that a controller could restart ones using a old
`resourceVersion`. In the interim, do not update the data of existing secrets,
`*resourceVersion*`. In the interim, do not update the data of existing secrets,
but create new ones with distinct names.
====

== Creating and Using Secrets
When creating secrets:
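
Review bot: the note keeps "restart ones using a old" on the line directly above the reformatted `*resourceVersion*`; change it to "an old" while this block is being touched. The context sentence leading into the note, "then the version of the secret will be used for the pod will not be defined", is also ungrammatical; something like "then the version of the secret that is used for the pod is not defined" would read correctly. The guidance in the note itself (create new secrets with distinct names instead of updating existing ones) is the part readers will act on, so it is worth getting the surrounding text clean.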
Expand All @@ -87,14 +90,15 @@ $ oc create -f secret.json
====

=== Secrets in Volumes
See link:#examples[Examples].

=== Image Pull Secrets
See link:dev_guide/image_pull_secrets.html[the image pull secrets] documentation
for more information.
See the link:image_pull_secrets.html[Image Pull Secrets] topic for more
information.

== Restrictions
Secret volume sources are validated to ensure that the specified object
reference points to a `Secret` object. Therefore, a secret needs to be created
reference points to a `*Secret*` object. Therefore, a secret needs to be created
before the pods that depend on it.

Secret API objects reside in a namespace. They can only be referenced by pods in
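
Review bot: the `link:#examples[Examples]` target under "Secrets in Volumes" depends on the ID generated for the `== Examples` heading, and no explicit `[[examples]]` anchor is visible on that heading. Asciidoctor's default ID prefix is `_`, which would make the generated ID `_examples`, so please confirm the build sets an empty `idprefix` or add an explicit anchor. Separately, the image pull secrets link changed from `dev_guide/image_pull_secrets.html` to `image_pull_secrets.html`; check that other same-directory links in this file use the same relative form.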
Expand All @@ -108,15 +112,15 @@ Currently, when mounting a secret, the service account for a pod must have the
secret in the list of mountable secrets. If a secret is in a template pods will
be rejected until the pod's service account is updated.

=== Secret data keys
Secret keys have to be in a DNS subdomain.
=== Secret Data Keys
Secret keys must be in a DNS subdomain.

== Examples

=== Example: Pod consuming secret data in volume
The following is an example yaml of a pod comsuming data in a volume:

.YAML of a Pod Consuming Data in a Volume
====

[source,yaml]
----
apiVersion: v1
kind: Pod
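
Review bot: "Secret keys must be in a DNS subdomain" under "Secret Data Keys" still reads as if keys live inside a domain; the callout earlier in this file points at the "DNS_SUBDOMAIN" definition, so wording such as "must conform to the DNS subdomain format" with a cross-reference to that definition would be clearer. Also, the example block opened with `====` after `.YAML of a Pod Consuming Data in a Volume` has no closing `====` visible in this hunk; confirm the delimiter is closed after the `----` listing. Minor: the context sentence "If a secret is in a template pods will be rejected" needs a comma after "template".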