Kubernetes Secrets - What is the purpose of type "Opaque" in secret definitions

type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs.

In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret. These have a constrained contents.


All types:

SecretType = "Opaque"                                 // Opaque (arbitrary data; default)
SecretType = "kubernetes.io/service-account-token"    // Kubernetes auth token
SecretType = "kubernetes.io/dockercfg"                // Docker registry auth
SecretType = "kubernetes.io/dockerconfigjson"         // Latest Docker registry auth

To learn more, see Secrets design document.


The source code lists all the types:

https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/apis/core/types.go#L4447