Credentials¶
Credentials are used to unlock protected resources such as applications, containers, and other assets.
The Credentials manager in the Run:ai environment supports 3 types of credentials:
Secrets¶
Credentials are built using Secrets
. A Secret
is an object that contains a small amount of sensitive data so that you don't need to include confidential data in your application code. When creating a credential you can either create a new secret or use an existing secret.
Existing secrets¶
An existing secret is a secret that you have created before creating the credential. One way to create a secret is to use the Kubernetes Secrets creation tool to create a pre-existing secret for the credential. You must label
these secrets so that they are registered in the Run:ai environment.
The following command makes the secret available to all projects in the cluster.
The following command makes the secret available to the entire scope of a department.
kubectl label secret -n runai <SECRET_NAME> run.ai/resource=<credential_type> run.ai/department=<department-id>
credential_type
is one of the following: password
/ access-key
/ docker-registry
The following command makes the secret available to a specific project in the cluster.
User-id and password¶
You can create a credential using a user-id and password. Use the user-id and password of the target resource.
Configuring Credentials¶
Important
To configure Credentials you need to make sure Workspaces
are enabled.
To configure Credentials:
- Press
Credentials
in the left menu. - Press
New Credential
and select one from the list.
Docker registry
¶
- Select a
Scope
(cluster, department, or project) for the credential. - In the
Credential name
field, enter a name for the credential. -
In the
Secret
field, choose fromExisting secret
orNew secret
.-
If you select
Existing secret
, select an unused secret from the drop down.Note
Existing secrets can't be used more than once.
-
If you choose
New secret
, enter a username and password.
-
-
Enter a URL for the docker registry, then press
Create credential
to create the credential.
Access key
¶
- Select a
Scope
(cluster, department, or project) for the credential. - In the
Credential name
field, enter a name for the credential. -
In the
Secret
field, choose fromExisting secret
orNew secret
.-
If you select
Existing secret
, select an unused secret from the drop down.Note
Existing secrets can't be used more than once.
-
If you choose
New secret
, enter an access key and access secret.
-
-
Press
Create credential
to create the credential.
Username and password
¶
- Select a
Scope
(cluster, department, or project) for the credential. - In the
Credential name
field, enter a name for the credential. -
In the
Secret
field, choose fromExisting secret
orNew secret
.-
If you select
Existing secret
, select an unused secret from the drop down.Note
Existing secrets can't be used more than once.
-
If you choose
New secret
, enter a username and password.
-
-
Press
Create credential
to create the credential.
Credentials Table¶
The Credentials table contains a column that shows the status of the credential. The following statuses are supported:
Status | Description |
---|---|
No issues found | No issues were found when propagating the credential to the configured scope. |
Issues found | Issues were found while propagating the credentials to the configured scope. |
Issues found | The credential could not be created in the cluster. |
No status | Status could not be displayed because the credentials scope is an account. |
No Status | Status could not be displayed because the current version of the cluster is not up to date. |
You can download the Credentials table to a CSV file. Downloading a CSV can provide a snapshot history of your credentials over the course of time, and help with compliance tracking. All the columns that are selected (displayed) in the table will be downloaded to the file.
Use the Cluster filter at the top of the table to see credentials that are assigned to specific clusters.
Note
The cluster filter will be in the top bar when there are clusters that are installed with version 2.16 or lower.
Use the Add filter to add additional filters to the table.
To download the Credentials table to a CSV:
- Open Credentials.
- From the Columns icon, select the columns you would like to have displayed in the table.
- Click on the ellipsis labeled More, and download the CSV.