Day35 of #90DaysOfDevOps
Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️
What are ConfigMaps and Secrets in Kubernetes?
ConfigMaps and Secrets in Kubernetes are both used to manage configuration data for applications running in a Kubernetes cluster, but they serve slightly different purposes:
ConfigMaps:
ConfigMaps are used to store non-confidential configuration data in key-value pairs. This data can be consumed by pods or other Kubernetes resources.
They are useful for separating configuration from application code, allowing you to modify configuration without rebuilding your application image.
ConfigMaps can be used to store configuration files, command-line arguments, environment variables, and more.
They are not designed to store sensitive information, as the data is stored in plain text.
Secrets:
Secrets are similar to ConfigMaps but are specifically designed to store sensitive information, such as passwords, OAuth tokens, and SSH keys.
The data in Secrets is encoded in base64, providing a basic level of security, but it is not encrypted by default. Additional security measures, such as encryption at rest, should be implemented for sensitive data.
Secrets can be used to inject sensitive data into pods as environment variables, files in a volume, or as part of a container's command-line arguments.
Kubernetes provides mechanisms to manage and access Secrets securely, ensuring that sensitive data is protected.
Both ConfigMaps and Secrets help in managing application configuration and sensitive data efficiently, promoting best practices in application deployment and management within Kubernetes.
Task 1: Create a ConfigMap for Your Deployment
Let’s create a ConfigMap that will store some configuration data for your todo-app deployment from previous tasks.
Step 1: Create a ConfigMap YAML File
Here’s a sample ConfigMap for storing environment variables:
apiVersion: v1
kind: ConfigMap
metadata:
name: todo-app-config
namespace: my-namespace
data:
APP_NAME: "Todo Application"
APP_ENV: "production"
- APP_NAME and APP_ENV are key-value pairs that store configuration data for your application.
Step 2: Update the Deployment to Use the ConfigMap
Now, update the deployment.yml
file to reference the ConfigMap:
apiVersion: apps/v1
kind: Deployment
metadata:
name: todo-app-deployment
namespace: my-namespace
spec:
replicas: 2
selector:
matchLabels:
app: todo-app
template:
metadata:
labels:
app: todo-app
spec:
containers:
- name: todo-app
image: trainwithshubham/todo-app:latest
env:
- name: APP_NAME
valueFrom:
configMapKeyRef:
name: todo-app-config
key: APP_NAME
- name: APP_ENV
valueFrom:
configMapKeyRef:
name: todo-app-config
key: APP_ENV
This will inject the values from the ConfigMap as environment variables into your todo-app container.
Step 3: Apply the ConfigMap and Deployment
Use the following commands to apply the ConfigMap and updated Deployment to your Kubernetes cluster:
kubectl apply -f configmap.yml -n my-namespace
kubectl apply -f deployment.yml -n my-namespace
Step 4: Verify the ConfigMap
Check the status of the ConfigMap by running:
kubectl get configmap -n my-namespace
You can also inspect the contents of the ConfigMap by running:
kubectl describe configmap todo-app-config -n my-namespace
Task 2: Create a Secret for Your Deployment
Now, let’s create a Secret that will store sensitive data like API keys or passwords for your todo-app deployment.
create a yaml file Secret.yaml
Here’s an example of a Secret that stores a database password:
# vim secret.yaml
-------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
namespace: django-app
labels:
app: mysql
type: Opaque
data:
MYSQL_ROOT_PASSWORD: c3JpcGFyh1
Verify that the secret is working by accessing the todo-app
kubectl apply -f secrets.yaml -n django-app
kubectl get secrets -n django-app
# vim deployment.yaml
-------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-deploymnet
namespace: django-app
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:8
ports:
- containerPort: 3306
env:
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: mysql-config
key: MYSQL_DATABASE
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-secret
key: MYSQL_ROOT_PASSWORD
Verify that the deployment is working by accessing the todo-app
kubectl apply -f deploymnet.yml -n django-app
kubectl get deployment -n django-app
kubectl get pods -n django-app
Today, we explored ConfigMaps and Secrets in Kubernetes, which are essential for managing configuration and sensitive data separately from your application code. By mastering these concepts, you can ensure that your applications are configured dynamically and securely.
ConfigMaps store non-sensitive data, like configuration files and environment variables.
Secrets securely store sensitive information like passwords and API keys.