The following Kubernetes Secrets are used to store sensitive information (with the usual caveat that Secrets don’t protect sensitive information):

  • broker-secret- with a Kubernetes-generated suffix, which stores the credentials used to connect to the Broker.
  • submariner-ipsec-psk, which stores the PSK used for IPsec connections.

These secrets are stored in the operator’s namespace, submariner-operator.

The following fields in the Submariner specification store the names of these Secrets:

  • BrokerK8sSecret gives the name of the Broker Secret.
  • CeIPSecPSKSecret gives the name of the IPsec Secret.

The ServiceDiscovery specification also has a BrokerK8sSecret since it needs access to the Broker.

The Operator presents the Secrets as corresponding volumes in the appropriate deployments to make them available to the relevant Submariner components.
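Since Secrets are readable by any subject whose RBAC permits it, one useful check is to list who can read the two Secrets in the submariner-operator namespace. The sketch below is an added example, not Submariner's own code. It assumes the JSON keys brokerK8sSecret and ceIPSecPSKSecret for the fields named above, and every role, binding, subject and the broker-secret suffix is constructed for illustration.

```python
# Constructed data throughout (added example); JSON keys assumed from the page's field names.
NAMESPACE = "submariner-operator"
READ_VERBS = {"get", "list", "watch", "*"}
SPEC = {"brokerK8sSecret": "broker-secret-x7k2p", "ceIPSecPSKSecret": "submariner-ipsec-psk"}

def rule_exposes(rule, secret_name):
    """True if one RBAC rule allows reading the named core/v1 Secret."""
    groups, resources, names = (rule.get(k, []) for k in ("apiGroups", "resources", "resourceNames"))
    return (("" in groups or "*" in groups)
            and ("secrets" in resources or "*" in resources)
            and bool(READ_VERBS & set(rule.get("verbs", [])))
            and (not names or secret_name in names))  # no resourceNames = every Secret

def readers(secret_name, roles, bindings, namespace=NAMESPACE):
    """Sorted 'Kind/name' subjects that can read secret_name in namespace."""
    rules_by_role = {(r["kind"], r["metadata"]["name"]): r.get("rules", [])
                     for r in roles
                     if r["kind"] == "ClusterRole" or r["metadata"].get("namespace") == namespace}
    found = set()
    for b in bindings:
        # A RoleBinding only grants access inside its own namespace.
        if b["kind"] == "RoleBinding" and b["metadata"].get("namespace") != namespace:
            continue
        rules = rules_by_role.get((b["roleRef"]["kind"], b["roleRef"]["name"]), [])
        if any(rule_exposes(r, secret_name) for r in rules):
            found.update(f'{s["kind"]}/{s["name"]}' for s in b.get("subjects", []))
    return sorted(found)

def _obj(kind, name, namespaced=True, **extra):
    meta = {"name": name, **({"namespace": NAMESPACE} if namespaced else {})}
    return {"kind": kind, "metadata": meta, **extra}

ROLES = [
    _obj("Role", "gateway", rules=[{"apiGroups": [""], "resources": ["secrets"],
         "verbs": ["get"], "resourceNames": ["submariner-ipsec-psk"]}]),
    _obj("ClusterRole", "view-all", namespaced=False,
         rules=[{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list"]}]),
]
BINDINGS = [
    _obj("RoleBinding", "gw", roleRef={"kind": "Role", "name": "gateway"},
         subjects=[{"kind": "ServiceAccount", "name": "example-gateway"}]),
    _obj("ClusterRoleBinding", "auditors", namespaced=False,
         roleRef={"kind": "ClusterRole", "name": "view-all"},
         subjects=[{"kind": "Group", "name": "example-auditors"}]),
]

def audit(spec=SPEC):
    return {name: readers(name, ROLES, BINDINGS) for name in spec.values()}
```

In this constructed data the wildcard ClusterRole exposes both Secrets to its group, while the role scoped with resourceNames exposes only the IPsec PSK to the gateway service account.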