61

In most examples about using secrets in Kubernetes, you can find similar examples:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: User
  password: **********

What is the purpose of type: Opaque in the definition above? What other types (and for which use cases) are possible to specify there?

Denis Biondic
  • 7,943
  • 5
  • 48
  • 79

4 Answers4

75

type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs.

In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret. These have a constrained contents.

Denis Biondic
  • 7,943
  • 5
  • 48
  • 79
Janos Lenart
  • 25,074
  • 5
  • 73
  • 75
31

All types:

SecretType = "Opaque"                                 // Opaque (arbitrary data; default)
SecretType = "kubernetes.io/service-account-token"    // Kubernetes auth token
SecretType = "kubernetes.io/dockercfg"                // Docker registry auth
SecretType = "kubernetes.io/dockerconfigjson"         // Latest Docker registry auth

To learn more, see Secrets design document.

S.J
  • 471
  • 4
  • 2
4

The source code lists all the types:

https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/apis/core/types.go#L4447

user674669
  • 10,681
  • 15
  • 72
  • 105
-5

looks like its read only value for clients, clients are not allowed to modify this value.

This value MUST be treated as opaque by clients and passed unmodified back to the serve

this page has the details in the resourceVersion filed.

edit

link change here is the document info:

resourceVersion string An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.9/ https://k8smeetup.github.io/docs/reference/generated/kubernetes-api/v1.9/

Kamafeather
  • 8,663
  • 14
  • 69
  • 99
sfgroups
  • 18,151
  • 28
  • 132
  • 204