Mastering ConfigMaps and Secrets in Kubernetes
Day 35 : #90DaysOfDevOps Challange
What are ConfigMaps and Secrets in k8s In Kubernetes
ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.
Example :-
Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs).
Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! ๐
Task 1: Create a ConfigMap for your Deployment
Create a ConfigMap for your Deployment using the command line. Update the deployment.yml file to include the ConfigMap . Apply the updated deployment using the command: kubectl apply -f deployment.yml -n todo-namespace
. Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
Steps to create a ConfigMap for your Deployment:
Create a ConfigMap using the
kubectl create configmap
command. Here's an example:kubectl create configmap todo-config --from-literal=database_host=localhost --from-literal=database_port=5432 -n todo-namespace
This command creates a ConfigMap named
todo-config
in thetodo-namespace
namespace with two key-value pairs:database_host
anddatabase_port
.Update your Deployment YAML file to include the ConfigMap. Here's an example:
apiVersion: apps/v1 kind: Deployment metadata: name: todo-deployment labels: app: todo-app spec: replicas: 1 selector: matchLabels: app: todo-app template: metadata: labels: app: todo-app spec: containers: - name: todo-app image: my-todo-app ports: - containerPort: 8000 env: - name: DATABASE_HOST valueFrom: configMapKeyRef: name: todo-config key: database_host - name: DATABASE_PORT valueFrom: configMapKeyRef: name: todo-config key: database_port
In this example, the
env
section of the container specifies two environment variables that are sourced from thetodo-config
ConfigMap. ThevalueFrom
field specifies that the values should be taken from the ConfigMap'sdatabase_host
anddatabase_port
keys.Apply the updated Deployment using the
kubectl apply
command:kubectl apply -f deployment.yml -n todo-namespace
This command applies the updated Deployment YAML file to your K8s cluster.
Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace:
kubectl get configmaps -n todo-namespace
This command lists all the ConfigMaps in the
todo-namespace
namespace. You should see atodo-config
ConfigMap listed. You can also inspect the ConfigMap by runningkubectl describe configmap todo-config -n todo-namespace
.
Task 2: Create a Secret for your Deployment
Create a Secret for your Deployment using a file or the command line. Update the deployment.yml file to include the Secret. Apply the updated deployment using the command: kubectl apply -f deployment.yml -n todo-namespace.
Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
To create a Secret for your Deployment using the command line, you can follow these steps:
Create a file containing the secret data in key-value format. For example, create a file named
db-secret.txt
with the following content:username=mydbuser password=mydbpassword
Create a Secret using the
kubectl create secret generic
command and specify the file as the source of the secret data:kubectl create secret generic db-secret --from-file=db-secret.txt -n todo-namespace
This will create a Secret named
db-secret
in thetodo-namespace
Namespace, with the contents of thedb-secret.txt
file stored as key-value pairs.Update the
deployment.yml
file to include the Secret. You can add avolume
and avolumeMount
section to the Deployment definition, like this:spec: containers: - name: todo-app image: <image-name> volumeMounts: - name: db-secret-volume mountPath: /etc/secret-volume readOnly: true volumes: - name: db-secret-volume secret: secretName: db-secret
This will mount the contents of the
db-secret
Secret to the/etc/secret-volume
directory inside the container.Apply the updated deployment using the
kubectl apply
command:kubectl apply -f deployment.yml -n todo-namespace
Verify that the Secret has been created by checking the status of the Secrets in your Namespace:
kubectl get secrets -n todo-namespace
You should see the
db-secret
Secret listed among the other Secrets in the Namespace.
In conclusion, ConfigMaps and Secrets are essential components in managing application configurations and sensitive information in a Kubernetes environment. ConfigMaps are used to manage configuration data such as environment variables, command-line arguments, and configuration files. Secrets, on the other hand, are used to store and manage sensitive information such as passwords, API keys, and other credentials.
In this tutorial, we walked through the process of creating and using ConfigMaps and Secrets in Kubernetes. We created ConfigMaps and Secrets using the command line, updated our Deployment definition to include them, and applied the changes to our Kubernetes cluster.
By following the steps outlined in this tutorial, you should now have a better understanding of how to manage your application configurations and secrets in a Kubernetes environment. Whether you're a beginner or an experienced Kubernetes user, ConfigMaps and Secrets are powerful tools that can help simplify the management of your applications.