A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image. Users can create secrets and the system also creates some secrets.
The name of a Secret object must be a valid DNS subdomain name.
When a secret currently consumed in a volume is updated, projected keys are eventually updated as well. The kubelet checks whether the mounted secret is fresh on every periodic sync. However, the kubelet uses its local cache for getting the current value of the Secret. The type of the cache is configurable using the ConfigMapAndSecretChangeDetectionStrategy field in the KubeletConfiguration struct. A Secret can be either propagated by watch (default), ttl-based, or simply redirecting all requests directly to the API server. As a result, the total delay from the moment when the Secret is updated to the moment when new keys are projected to the Pod can be as long as the kubelet sync period + cache propagation delay, where the cache propagation delay depends on the chosen cache type (it equals to watch propagation delay, ttl of cache, or zero correspondingly).
Secret volume sources are validated to ensure that the specified object reference actually points to an object of type Secret. Therefore, a secret needs to be created before any Pods that depend on it.
A secret is only sent to a node if a Pod on that node requires it. The kubelet stores the secret into a tmpfs so that the secret is not written to disk storage. Once the Pod that depends on the secret is deleted, the kubelet will delete its local copy of the secret data as well.
Unless otherwise noted, objects defined by this specification MUST NOT contain any additional members. Client and server implementations MUST ignore members not recognized by this specification.
A JSON object MUST be at the root of every JSON:API request and response containing data. This object defines a document`s “top level”.
The top-level links object MAY contain the following members:
For example, the following primary data is a single resource object:
The following primary data is a single resource identifier object that references the same resource:
A resource object MUST contain at least the following top-level members:
Exception: The id member is not required when the resource object originates at the client and represents a new resource to be created on the server.
In addition, a resource object MAY contain any of these top-level members:
Every resource object MUST contain an id member and a type member. The values of the id and type members MUST be strings.
The type member is used to describe resource objects that share common attributes and relationships.
Fields for a resource object MUST share a common namespace with each other and with type and id. In other words, a resource can not have an attribute and relationship with the same name, nor can it have an attribute or relationship named type or id.
The value of the attributes key MUST be an object (an “attributes object”). Members of the attributes object (“attributes”) represent information about the resource object in which it`s defined.
Complex data structures involving JSON objects and arrays are allowed as attribute values. However, any object that constitutes or is contained in an attribute MUST NOT contain a relationships or links member, as those members are reserved by this specification for future use.
Although has-one foreign keys (e.g. author_id) are often stored internally alongside other information to be represented in a resource object, these keys SHOULD NOT appear as attributes.
The value of the relationships key MUST be an object (a “relationships object”). Members of the relationships object (“relationships”) represent references from the resource object in which it`s defined to other resource objects.
A relationship object that represents a to-many relationship MAY also contain pagination links under the links member, as described below. Any pagination links in a relationship object MUST paginate the relationship data, not the related resources.
A “related resource link” provides access to resource objects linked in a relationship. When fetched, the related resource object(s) are returned as the response`s primary data.
For example, an article`s comments relationship could specify a link that returns a collection of comment resource objects when retrieved through a GET request.
Resource linkage in a compound document allows a client to link together all of the included resource objects without having to GET any URLs via links.
Note: The spec does not impart meaning to order of resource identifier objects in linkage arrays of to-many relationships, although implementations may do that. Arrays of resource identifier objects may represent ordered or unordered relationships, and both types can be mixed in one response object.
The author relationship includes a link for the relationship itself (which allows the client to change the related author directly), a related resource link to fetch the resource objects, and linkage information.
The optional links member within each resource object contains links related to the resource.
If present, this links object MAY contain a self link that identifies the resource represented by the resource object.
A “resource identifier object” is an object that identifies an individual resource.
A “resource identifier object” MAY also include a meta member, whose value is a meta object that contains non-standard meta-information.
In a compound document, all included resources MUST be represented as an array of resource objects in a top-level included member.
Compound documents require “full linkage”, meaning that every included resource MUST be identified by at least one resource identifier object in the same document. These resource identifier objects could either be primary data or represent resource linkage contained within primary or included resources.
Note: Full linkage ensures that included resources are related to either the primary data (which could be resource objects or resource identifier objects) or to each other.
A compound document MUST NOT include more than one resource object for each type and id pair.
Note: In a single document, you can think of the type and id as a composite key that uniquely references resource objects in another part of the document.
Note: This approach ensures that a single canonical resource object is returned with each response, even when the same resource is referenced multiple times.
Where specified, a meta member can be used to include non-standard meta-information. The value of each meta member MUST be an object (a “meta object”).
Any members MAY be specified within meta objects.
Where specified, a links member can be used to represent links. The value of each links member MUST be an object (a “links object”).
Each member of a links object is a “link”. A link MUST be represented as either:
The following related link includes a URL as well as meta-information about a related resource collection:
Note: Additional members may be specified for links objects and link objects in the future. It is also possible that the allowed values of additional members will be expanded (e.g. a collection link may support an array of values, whereas a self link does not).
A JSON:API document MAY include information about its implementation under a top level jsonapi member. If present, the value of the jsonapi member MUST be an object (a “jsonapi object”). The jsonapi object MAY contain a version member whose value is a string indicating the highest JSON API version supported. This object MAY also contain a meta member, whose value is a meta object that contains non-standard meta-information.
A server MUST respond to a successful request to fetch a resource collection with an array of resource objects or an empty array () as the response document`s primary data.
A server MUST respond to a successful request to fetch an individual resource with a resource object or null provided as the response document`s primary data.
Note: Consider, for example, a request to fetch a to-one related resource link. This request would respond with null when the relationship is empty (such that the link is corresponding to no resources) but with the single related resource`s resource object otherwise.
A server MUST support fetching relationship data for every relationship URL provided as a self link as part of a relationship`s links object.
The primary data in the response document MUST match the appropriate value for resource linkage, as described above for relationship objects.
The top-level links object MAY contain self and related links, as described above for relationship objects.
If an endpoint supports the include parameter and a client supplies it, the server MUST NOT include unrequested resource objects in the included section of the compound document.
Note: For example, a relationship path could be comments.author, where comments is a relationship listed under a articles resource object, and author is a relationship listed under a comments resource object.
Note: Because compound documents require full linkage (except when relationship linkage is excluded by sparse fieldsets), intermediate resources in a multi-part path must be returned along with the leaf nodes. For example, a response to a request for comments.author should include comments as well as the author of each of those comments.
In this case, the primary data would be a collection of resource identifier objects that represent linkage to comments for an article, while the full comments and comment authors would be returned as included data.
If a client requests a restricted set of fields for a given resource type, an endpoint MUST NOT include additional fields in resource objects of that type in its response.
We offer best objects
best objects, best, objects,