website/docs/user-guide/federation/secrets.md

---
title: Federated Secrets
---

This guide explains how to use secrets in Federation control plane.

* TOC
{:toc}

## Prerequisites

This guide assumes that you have a running Kubernetes Cluster
Federation installation. If not, then head over to the
[federation admin guide](/docs/admin/federation/) to learn how to
bring up a cluster federation (or have your cluster administrator do
this for you). Other tutorials, for example
[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)
by Kelsey Hightower, are also available to help you.

You are also expected to have a basic
[working knowledge of Kubernetes](/docs/getting-started-guides/) in
general and [Secrets](/docs/user-guide/secrets/) in particular.

## Overview

Secrets in federation control plane (referred to as "federated secrets" in
this guide) are very similar to the traditional [Kubernetes
Secrets](/docs/user-guide/secrets/) providing the same functionality.
Creating them in the federation control plane ensures that they are synchronized
across all the clusters in federation.


## Creating a Federated Secret

The API for Federated Secret is 100% compatible with the
API for traditional Kubernetes Secret. You can create a secret by sending
a request to the federation apiserver.

You can do that using [kubectl](/docs/user-guide/kubectl/) by running:

``` shell
kubectl --context=federation-cluster create -f mysecret.yaml
```

The '--context=federation-cluster' flag tells kubectl to submit the
request to the Federation apiserver instead of sending it to a Kubernetes
cluster.

Once a federated secret is created, the federation control plane will create
a matching secret in all underlying Kubernetes clusters.
You can verify this by checking each of the underlying clusters, for example:

``` shell
kubectl --context=gce-asia-east1a get secret mysecret
```

The above assumes that you have a context named 'gce-asia-east1a'
configured in your client for your cluster in that zone.

These secrets in underlying clusters will match the federated secret.


## Updating a Federated Secret

You can update a federated secret as you would update a Kubernetes
secret; however, for a federated secret, you must send the request to
the federation apiserver instead of sending it to a specific Kubernetes cluster.
The Federation control plan ensures that whenever the federated secret is
updated, it updates the corresponding secrets in all underlying clusters to
match it.

## Deleting a Federated Secret

You can delete a federated secret as you would delete a Kubernetes
secret; however, for a federated secret, you must send the request to
the federation apiserver instead of sending it to a specific Kubernetes cluster.

For example, you can do that using kubectl by running:

```shell
kubectl --context=federation-cluster delete secret mysecret 
```

Note that at this point, deleting a federated secret will not delete the
corresponding secrets from underlying clusters.
You must delete the underlying secrets manually.
We intend to fix this in the future.
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00			`---`
add explicit titles to docs 2016-12-15 20:16:54 +00:00			`title: Federated Secrets`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00			`---`

Added title. 2016-09-26 18:18:13 +00:00			`This guide explains how to use secrets in Federation control plane.`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00
			`* TOC`
			`{:toc}`

			`## Prerequisites`

			`This guide assumes that you have a running Kubernetes Cluster`
			`Federation installation. If not, then head over to the`
			`[federation admin guide](/docs/admin/federation/) to learn how to`
			`bring up a cluster federation (or have your cluster administrator do`
			`this for you). Other tutorials, for example`
			`[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)`
			`by Kelsey Hightower, are also available to help you.`

			`You are also expected to have a basic`
			`[working knowledge of Kubernetes](/docs/getting-started-guides/) in`
			`general and [Secrets](/docs/user-guide/secrets/) in particular.`

			`## Overview`

			`Secrets in federation control plane (referred to as "federated secrets" in`
			`this guide) are very similar to the traditional [Kubernetes`
			`Secrets](/docs/user-guide/secrets/) providing the same functionality.`
			`Creating them in the federation control plane ensures that they are synchronized`
			`across all the clusters in federation.`


			`## Creating a Federated Secret`

			`The API for Federated Secret is 100% compatible with the`
			`API for traditional Kubernetes Secret. You can create a secret by sending`
			`a request to the federation apiserver.`

34613 404 Not Found on links referring to /docs/user-guide/kubectl/kubectl/ Changed all links referring to kubectl from /docs/user-guide/kubectl/kubectl/ to /docs/user-guide/kubectl/ 2016-10-15 12:56:15 +00:00			`You can do that using [kubectl](/docs/user-guide/kubectl/) by running:`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00
			``` shell
			`kubectl --context=federation-cluster create -f mysecret.yaml`
			```

			`The '--context=federation-cluster' flag tells kubectl to submit the`
fix typos 2016-12-28 09:48:46 +00:00			`request to the Federation apiserver instead of sending it to a Kubernetes`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00			`cluster.`

			`Once a federated secret is created, the federation control plane will create`
fix typos 2016-12-28 09:48:46 +00:00			`a matching secret in all underlying Kubernetes clusters.`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00			`You can verify this by checking each of the underlying clusters, for example:`

			``` shell
Fix copy/paste errors in federated secrets docs 2016-11-30 10:40:08 +00:00			`kubectl --context=gce-asia-east1a get secret mysecret`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00			```

			`The above assumes that you have a context named 'gce-asia-east1a'`
			`configured in your client for your cluster in that zone.`

			`These secrets in underlying clusters will match the federated secret.`


			`## Updating a Federated Secret`

			`You can update a federated secret as you would update a Kubernetes`
			`secret; however, for a federated secret, you must send the request to`
			`the federation apiserver instead of sending it to a specific Kubernetes cluster.`
			`The Federation control plan ensures that whenever the federated secret is`
			`updated, it updates the corresponding secrets in all underlying clusters to`
			`match it.`

			`## Deleting a Federated Secret`

			`You can delete a federated secret as you would delete a Kubernetes`
			`secret; however, for a federated secret, you must send the request to`
			`the federation apiserver instead of sending it to a specific Kubernetes cluster.`

			`For example, you can do that using kubectl by running:`

			```shell
Fix copy/paste errors in federated secrets docs 2016-11-30 10:40:08 +00:00			`kubectl --context=federation-cluster delete secret mysecret`
Adding user guides for federation replicasets and namespaces 2016-09-23 00:39:44 +00:00			```

			`Note that at this point, deleting a federated secret will not delete the`
			`corresponding secrets from underlying clusters.`
			`You must delete the underlying secrets manually.`
			`We intend to fix this in the future.`