检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
In high-sensitive scenarios, you are advised to encrypt sensitive data using data encryption services and then store the encrypted data in secrets. kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository
AK/SK authentication: Requests are encrypted using AK/SK pairs. This method is more secure. Token Authentication The validity period of a token is 24 hours. If a token is used for authentication, cache it to prevent frequent API calls.
The password is the encrypted login key of the AK and SK. For details, see Obtaining a Long-Term Valid Login Command.
If your image repository is Huawei Cloud SWR, the password of the destination SWR image repository is the encrypted login key of the AK and SK. For details, see Obtaining a Long-Term Valid Login Command.
-p, --secretPath string: specifies the path that stores the encrypted material of the kubeconfig file to be exported.
Traffic is automatically encrypted using TLS. Peer authentication controls the mode of two-way authentication on the target workload. Creating a Peer Authentication Policy Create a peer authentication policy using YAML. Log in to the UCS console.
In high-sensitive scenarios, you are advised to encrypt sensitive data using data encryption services and then store the encrypted data in secrets. kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository
Sensitive information must be stored in environment variables or encrypted secrets. Figure 1 Podinfo page Procedure Log in to Huawei Cloud Console. Choose Ubiquitous Cloud Native Service from Service List. In the navigation pane, choose Configuration Management.
UCS supports only the three authentication modes. client-certificate-data client-key-data Base64-encrypted string Certificate- and private key–based authentication. client-certificate-data: client certificate encrypted using Base64. client-key-data: client private key encrypted using
The key will be encrypted and stored properly. You do not need to worry about information leakage. Log in to the IAM console using your AWS account ID or account alias, and your IAM username and password.