> For the complete documentation index, see [llms.txt](https://renhongcai.gitbook.io/kubernetes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://renhongcai.gitbook.io/kubernetes/di-liu-zhang-pei-zhi-guan-li/6.1-secret-ji-mi-xin-xi-guan-li/1.1-secret_overview.md). # 6.1.1 Secret概述 ## 引入背景 当容器中的应用需要访问容器以外的服务(比如数据库、代码仓库和`kube-apiserver`等)时,那么不可避免地需要使用相应服务的帐号、密码等凭据(取决于具体服务的要求)。所以如何为容器提供凭据、以及容器中的应用如何使用这些凭据就成了不得不思考的问题。 在没有`Secret`之前,为容器提供凭据主要有如下几种方式: * 将凭据硬编码; * 将凭据保存到文件,并最终放置到镜像; * 将凭据保存到文件中,并通过volume的形式挂载到容器; 首先,将凭据硬编码的方式当然不可取,每次凭据变更都需要重新生成二进制文件。其次将私密的凭据放入镜像, 会在镜像分发过程中泄露凭据,同时凭据变更也需要重新制做镜像,变更周期过长。最后,将凭据使用volume的形式挂载到容器这种方式,需要保证volume在多个集群节点共享(或每个节点拥有一个拷贝副本),难以保证凭据的私密性,同时在集群扩容时还需要保证新增节点上能够访问到凭据,维护成本比较大。 针对以上问题,`Kubernetes`设计了一个新的名为`Secrets`的资源类型,专门用来保存私密的凭据,它以键值方式存储凭据,并支持在 Pod 资源中通过环境变量或volume引用。 ## 延伸阅读 * 《Secrets设计提案》 * 《Secrets官方文档》 --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://renhongcai.gitbook.io/kubernetes/di-liu-zhang-pei-zhi-guan-li/6.1-secret-ji-mi-xin-xi-guan-li/1.1-secret_overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.