Mastering ConfigMaps and Secrets in Kubernetes

Mastering ConfigMaps and Secrets in Kubernetes

Day 35 : #90DaysOfDevOps Challange

ยท

4 min read

What are ConfigMaps and Secrets in k8s In Kubernetes

ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.

Example :-

  1. Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs).

  2. Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! ๐Ÿš€

Task 1: Create a ConfigMap for your Deployment

Create a ConfigMap for your Deployment using the command line. Update the deployment.yml file to include the ConfigMap . Apply the updated deployment using the command: kubectl apply -f deployment.yml -n todo-namespace . Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

Steps to create a ConfigMap for your Deployment:

  1. Create a ConfigMap using the kubectl create configmap command. Here's an example:

     kubectl create configmap todo-config --from-literal=database_host=localhost --from-literal=database_port=5432 -n todo-namespace
    

    This command creates a ConfigMap named todo-config in the todo-namespace namespace with two key-value pairs: database_host and database_port.

  2. Update your Deployment YAML file to include the ConfigMap. Here's an example:

     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: todo-deployment
       labels:
         app: todo-app
     spec:
       replicas: 1
       selector:
         matchLabels:
           app: todo-app
       template:
         metadata:
           labels:
             app: todo-app
         spec:
           containers:
             - name: todo-app
               image: my-todo-app
               ports:
                 - containerPort: 8000
               env:
                 - name: DATABASE_HOST
                   valueFrom:
                     configMapKeyRef:
                       name: todo-config
                       key: database_host
                 - name: DATABASE_PORT
                   valueFrom:
                     configMapKeyRef:
                       name: todo-config
                       key: database_port
    

    In this example, the env section of the container specifies two environment variables that are sourced from the todo-config ConfigMap. The valueFrom field specifies that the values should be taken from the ConfigMap's database_host and database_port keys.

  3. Apply the updated Deployment using the kubectl apply command:

     kubectl apply -f deployment.yml -n todo-namespace
    

    This command applies the updated Deployment YAML file to your K8s cluster.

  4. Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace:

     kubectl get configmaps -n todo-namespace
    

    This command lists all the ConfigMaps in the todo-namespace namespace. You should see a todo-config ConfigMap listed. You can also inspect the ConfigMap by running kubectl describe configmap todo-config -n todo-namespace.

Task 2: Create a Secret for your Deployment

Create a Secret for your Deployment using a file or the command line. Update the deployment.yml file to include the Secret. Apply the updated deployment using the command: kubectl apply -f deployment.yml -n todo-namespace. Verify that the Secret has been created by checking the status of the Secrets in your Namespace.

To create a Secret for your Deployment using the command line, you can follow these steps:

  1. Create a file containing the secret data in key-value format. For example, create a file named db-secret.txt with the following content:

     username=mydbuser
     password=mydbpassword
    
  2. Create a Secret using the kubectl create secret generic command and specify the file as the source of the secret data:

     kubectl create secret generic db-secret --from-file=db-secret.txt -n todo-namespace
    

    This will create a Secret named db-secret in the todo-namespace Namespace, with the contents of the db-secret.txt file stored as key-value pairs.

  3. Update the deployment.yml file to include the Secret. You can add a volume and a volumeMount section to the Deployment definition, like this:

     spec:
       containers:
       - name: todo-app
         image: <image-name>
         volumeMounts:
         - name: db-secret-volume
           mountPath: /etc/secret-volume
           readOnly: true
       volumes:
       - name: db-secret-volume
         secret:
           secretName: db-secret
    

    This will mount the contents of the db-secret Secret to the /etc/secret-volume directory inside the container.

  4. Apply the updated deployment using the kubectl apply command:

     kubectl apply -f deployment.yml -n todo-namespace
    
  5. Verify that the Secret has been created by checking the status of the Secrets in your Namespace:

     kubectl get secrets -n todo-namespace
    

    You should see the db-secret Secret listed among the other Secrets in the Namespace.

In conclusion, ConfigMaps and Secrets are essential components in managing application configurations and sensitive information in a Kubernetes environment. ConfigMaps are used to manage configuration data such as environment variables, command-line arguments, and configuration files. Secrets, on the other hand, are used to store and manage sensitive information such as passwords, API keys, and other credentials.

In this tutorial, we walked through the process of creating and using ConfigMaps and Secrets in Kubernetes. We created ConfigMaps and Secrets using the command line, updated our Deployment definition to include them, and applied the changes to our Kubernetes cluster.

By following the steps outlined in this tutorial, you should now have a better understanding of how to manage your application configurations and secrets in a Kubernetes environment. Whether you're a beginner or an experienced Kubernetes user, ConfigMaps and Secrets are powerful tools that can help simplify the management of your applications.

Did you find this article valuable?

Support Dhananjay Kulkarni by becoming a sponsor. Any amount is appreciated!

ย