Mastering ConfigMaps and Secrets in Kubernetes


What are ConfigMaps and Secrets in k8s

In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encoded form.

ConfigMaps: In Kubernetes, ConfigMaps are a way to store configuration data that your application needs. This data can include things like environment variables, configuration files, or command-line arguments. Instead of hardcoding this data into your application code, you can store it separately in a ConfigMap. For example, you could use a ConfigMap to store the URL of an external service that your app interacts with. This makes it easier to update configuration without changing your app's code.

Example: Imagine you have an app that connects to a database. Instead of writing the database address directly into your app, you can put it in a ConfigMap. Then, your app can look at the ConfigMap to find the address. If the address changes, you only need to update the ConfigMap, and your app stays the same.

Secrets: Secrets are like ConfigMaps, but they're used for super-secret stuff, like passwords or special codes. They're encoded and locked away securely. So, if your app needs a password to access something, you can use a Secret to keep that password safe. This way, the password isn't hanging around in your app's code for anyone to see.

Example: Suppose your app needs to connect to an online service using an API key. Instead of putting the key directly in your app, you can create a Secret. Your app can then use the Secret to get the key when it needs it. This adds an extra layer of security because the key is kept hidden.

Task 1: ConfigMap Mastery for Deployment Enhancement

  • Create a ConfigMap for your Deployment using a file or the command line
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-demo
data:
  name: django-todo-app
  namespace: todo-app
  application: todo-app
  protocol: TCP

kubectl apply -f <configMap file name> -n <namespace-name>

  • Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
  name: todo-app-deployment
  labels: 
    app: todo-app  
  namespace: todo-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: todo-app
  template:
    metadata:
      labels:
        app: todo-app
    spec:
      containers:
        - name: todo-app
          image: sompandey/todo-app
          ports:
          - containerPort: 8000

          env:
            - name: application
              valueFrom:
                configMapKeyRef:
                  name: app-demo
                  key: application

  • Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name>

  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

To verify that the ConfigMap has been created, you can use the following command:

kubectl get configmaps -n <namespace-name>

To view detailed information about the ConfigMap, use the following command:

kubectl describe configmap <configmap-name> -n <namespace-name>

Task 2: Power Up Your Deployment with Secrets

  • Create a Secret for your Deployment using a file or the command line
apiVersion: v1
kind: Secret
metadata:
  name: secret-file
  namespace: todo-app
type: Opaque
data:
  password: YgygjydLKJOI

You can create the Secret by running the following command:

kubectl apply -f <secret-file-name> -n <namespace-name>

  • Update the deployment.yml file to include the Secret
apiVersion: apps/v1
kind: Deployment
metadata:
  name: todo-app-deployment
  labels:
    app: todo-app
  namespace: todo-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: todo-app
  template:
    metadata:
      labels:
        app: todo-app
    spec:
      containers:
        - name: todo-app
          image: sompandey/todo-app
          ports:
          - containerPort: 8000

          env:
            - name: secret
              valueFrom:
                secretKeyRef:
                  name: secret-file
                  key: password

  • Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name>

  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.

To verify that the Secret has been created, you can use the following command:

kubectl get secrets -n <namespace-name>

To view detailed information about the Secret, use the following command:

kubectl describe secret <secret-name> -n <namespace-name>
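
Values under a Secret's `data` field, like the `password` in Task 2, are base64-encoded rather than encrypted, so anyone who can read the Secret or its YAML file can recover them. The script below is an added example, not part of the original post: it builds the `secret-file` manifest from a plaintext value and decodes it again. The helper function names and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: a Secret's `data:` values are base64 text, not ciphertext.

# Encode a plaintext for the `data:` field. printf avoids the trailing
# newline that `echo` would silently bake into the stored password.
encode_secret_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Emit a Secret manifest using the names from Task 2 (secret-file, todo-app).
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: secret-file
  namespace: todo-app
type: Opaque
data:
  password: $(encode_secret_value "$1")
EOF
}

# Read a manifest on stdin, pull out `password`, and decode it. This is all
# it takes for anyone with read access to the Secret or to the YAML in git.
decode_password() {
  awk '$1 == "password:" { print $2 }' | base64 --decode
}

# Constructed sample value, not a real credential.
SAMPLE='S3cr3t-example!'
manifest=$(render_secret "$SAMPLE")
printf '%s\n' "$manifest"
printf 'decoded: %s\n' "$(printf '%s\n' "$manifest" | decode_password)"

# On a cluster, the manifest can be applied without writing it to disk:
#   render_secret "$value" | kubectl apply -f -
```

Because the encoding is reversible, keep Secret manifests out of version control and limit who can read Secrets in the namespace.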

Thank you for enjoying my DevOps blog! Your positive response fuels my passion to dive deeper into technology and innovation.

Stay tuned for more captivating DevOps articles, where we'll explore this dynamic field together. Follow me on Hashnode and connect on LinkedIn (https://www.linkedin.com/in/som-shanker-pandey/) for the latest updates and discussions.
