1. Release Notes
    1. Release Notes - 2.1.1Latest
    1. Release Notes - 2.1.0
    1. Release Notes - 2.0.2
    1. Release Notes - 2.0.1
    1. Release Notes - 2.0.0
  1. Introduction
    1. Introduction
    1. Features
    1. Architecture
    1. Advantages
    1. Glossary
  1. Installation
    1. Introduction
      1. Intro
      2. Port Requirements
      3. Kubernetes Cluster Configuration
    1. Install on Linux
      1. All-in-One Installation
      2. Multi-Node Installation
      3. High Availability Configuration
      4. Air Gapped Installation
      5. StorageClass Configuration
      6. Enable All Components
    1. Install on Kubernetes
      1. Prerequisites
      2. Install on K8s
      3. Air Gapped Installation
      4. Install on GKE
    1. Pluggable Components
      1. Pluggable Components
      2. Enable Application Store
      3. Enable DevOps System
      4. Enable Logging System
      5. Enable Service Mesh
      6. Enable Alerting and Notification
      7. Enable Metrics-server for HPA
      8. Verify Components Installation
    1. Upgrade
      1. Overview
      2. All-in-One
      3. Multi-node
    1. Third-Party Tools
      1. Configure Harbor
      2. Access Built-in SonarQube and Jenkins
      3. Enable built-in Grafana Installation
      4. Load Balancer plugin in Bare Metal - Porter
    1. Authentication Integration
      1. Configure LDAP/AD
    1. Cluster Operations
      1. Add or Cordon Nodes
      2. High Risk Operations
      3. Uninstall KubeSphere
  1. Quick Start
    1. 1. Getting Started with Multi-tenancy
    1. 2. Expose your App Using Ingress
    1. 3. Compose and Deploy Wordpress to K8s
    1. 4. Deploy Grafana Using App Template
    1. 5. Job to Compute π to 2000 Places
    1. 6. Create Horizontal Pod Autoscaler
    1. 7. S2I: Publish your App without Dockerfile
    1. 8. B2I: Publish Artifacts to Kubernete
    1. 9. CI/CD based on Spring Boot Project
    1. 10. Jenkinsfile-free Pipeline with Graphical Editing Panel
    1. 11. Canary Release of Bookinfo App
    1. 12. Canary Release based on Ingress-Nginx
    1. 13. Application Store
  1. DevOps
    1. Pipeline
    1. Create SonarQube Token
    1. Credentials
    1. Set CI Node for Dependency Cache
    1. Set Email Server for KubeSphere Pipeline
  1. User Guide
    1. Configration Center
      1. Secrets
      2. ConfigMap
      3. Configure Image Registry
  1. Logging
    1. Log Query
  1. Developer Guide
    1. Introduction to S2I
    1. Custom S2I Template
  1. API Documentation
    1. API Documentation
    1. How to Access KubeSphere API
  1. Troubleshooting
    1. Troubleshooting Guide for Installation
  1. FAQ
    1. Telemetry
KubeSphere®️ 2020 All Rights Reserved.



A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image; putting it in a Secret object allows for more control over how it is used, and reduces the risk of accidental exposure.

Create a Secret

Sign in with project-regular account, enter into one project such as demo-project created in Getting Start with Multi-Tenant Management, then select Configuration Center → Secrets.

Create a Secret

Step 1: Fill in Basic Information

1.1. Click Create Secret button, then fill in basic information in the pop-up window. There are two ways to create a Secret, i.e., UI Mode and Edit Mode. The following mainly introduces each step of UI mode. If you prefer edit mode, you can click on the Edit Mode button, which supports yaml format and json format. Edit mode makes it easy for users who are used to editing yaml-like file directly.

1.2. On the basic information page, enter the name of the Secret. You can also fill in the description as necessary.

  • Name: a concise and clear name for this Secret, which is convenient for users to browse and search.
  • Alias: helps you better distinguish resources and supports languages other than English.
  • Description: a brief introduction to this Secret.

Click Next when you're done.

Basic Information

Step 2: Secret Settings

In the Secret settings, there are four types of secret as below are supported:

Default (Opaque)

Default (Opaque): Secret in base 64 encoding format, used to store passwords, sensitive data, etc. See the following example:

  Password: hello123
  Username: guest

TLS (kubernetes.io/tls)

TLS (kubernetes.io/tls): Commonly used to save information such as TLS certificates and private keys. It can be used to encrypt Ingress. The TLS secret must contain keys named tls.crt and tls.key, saved with Credential and Private Key. See the following example:

apiVersion: v1
  Tls.crt: base64 encoded cert
  Tls.key: base64 encoded key
Kind: Secret
  Name: testsecret
  Namespace: default
Type: kubernetes.io/tls

Image Repository Secret

Image Repository Secret (kubernetes.io/dockerconfigjson): It is used to store the authentication information of an image registry, such as the following information, see Image Registry:

  • Repository address: dockerhub.qingcloud.com
  • Username: guest
  • Password: guest
  • Email: 123@test.com

Note: If there is a json type of image repository secret, you need to refer to the following steps to create:

Assume the private image repository is uc.gcr.io, then you need to input _json_key in User Name, and paste the json content in password. Click Create to finish.

When you create a workload, choose the Image Repository Secret that you created in the previous step, then input the image name directly, it will return the search result.


Custom: Allows users to create a type (type) that is similar to the default (Opaque) type. Both of them are key-value pairs.

Secret Settings

Using a Secret

Secrets can be mounted as data volumes or exposed as environment variables to be used by a container in a Pod.

  • In Volume, click on Reference Config Center, then select the created Secret.
  • In the Environment Variables, click Reference Config Center then select the created key.

Using a Secret

Using a Secret

For more information on how to use the Secret, see Quick-Start - Deploy a MySQL Application.

Create Common Used Secrets

Create Secret of DockerHub

Enter into Configuration Center→ Secrets, click Create.

Secret List

Enter its name, e.g. dockerhub-id, then choose Next.

Secret Basic Info

Select Image Repository Secret from the dropdown list, enter docker.io into Registry Address, then input your DockerHub user name and password. Click Create when you are done.

Secret Settings

Create GitHub

Creating a GitHub secret is similiar as above. Enter its name, e.g. github-id, and choose Account Password Secret. Then input your GitHub user name and password, and click Create.

GitHub Secret