Kubernetes Secrets - What is the purpose of type "Opaque" in secret definitions
type: Opaque
means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs.
In contrast, there is the Secret storing ServiceAccount
credentials, or the ones used as ImagePullSecret
. These have a constrained contents.
All types:
SecretType = "Opaque" // Opaque (arbitrary data; default)
SecretType = "kubernetes.io/service-account-token" // Kubernetes auth token
SecretType = "kubernetes.io/dockercfg" // Docker registry auth
SecretType = "kubernetes.io/dockerconfigjson" // Latest Docker registry auth
To learn more, see Secrets design document.
The source code lists all the types:
https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/apis/core/types.go#L4447