Hello

A few questions about Kubernetes secret objects:

1. What is the difference between the generic and TLS secret types? With both
I can create a secret that holds a crt and key. So how is the TLS type
different from storing certificates in the "generic" type?

2. It looks like secret values are not really secret. Reviewing the secret page
on kubernetes https://kubernetes.io/docs/concepts/configuration/secret/ it
looks like if you create a secret from a yml file, you should run base64
on the values you put inside the yml. So I wonder what is the encryption here?
Everyone can get the value from the secret by just decoding it back. So how
does a secret actually prevent users from seeing the values?

3. What about updating a secret object?
How does it work? If you patch\edit a secret object, does Kubernetes
automatically restart the PODs that use keys from this secret (let's assume
that the secret is mapped to an environment variable secretKeyRef)?
If there is no automatic mechanism to update containers that use a secret as
an environment variable, what is the best practice to do it - just restart all
the PODs that use this secret? Is there a way to see which PODs use a specific
secret?

4. What is the best practice for creating secret objects?
If I have 2 k8s deployments (that are related to each other) that each use a
different user\password, should I create 1 secret object with 4 keys: user1,
passwd1, user2, passwd2, OR is it better to create 2 different secrets, each
one with user\passwd? I wonder if there is any guideline here.

Thanks
Shay
