Day35 of #90DaysOfDevOps

Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

·

4 min read

What are ConfigMaps and Secrets in Kubernetes?

ConfigMaps and Secrets in Kubernetes are both used to manage configuration data for applications running in a Kubernetes cluster, but they serve slightly different purposes:

  1. ConfigMaps:

    • ConfigMaps are used to store non-confidential configuration data in key-value pairs. This data can be consumed by pods or other Kubernetes resources.

    • They are useful for separating configuration from application code, allowing you to modify configuration without rebuilding your application image.

    • ConfigMaps can be used to store configuration files, command-line arguments, environment variables, and more.

    • They are not designed to store sensitive information, as the data is stored in plain text.

  2. Secrets:

    • Secrets are similar to ConfigMaps but are specifically designed to store sensitive information, such as passwords, OAuth tokens, and SSH keys.

    • The data in Secrets is encoded in base64, providing a basic level of security, but it is not encrypted by default. Additional security measures, such as encryption at rest, should be implemented for sensitive data.

    • Secrets can be used to inject sensitive data into pods as environment variables, files in a volume, or as part of a container's command-line arguments.

    • Kubernetes provides mechanisms to manage and access Secrets securely, ensuring that sensitive data is protected.

Both ConfigMaps and Secrets help in managing application configuration and sensitive data efficiently, promoting best practices in application deployment and management within Kubernetes.


Task 1: Create a ConfigMap for Your Deployment

Let’s create a ConfigMap that will store some configuration data for your todo-app deployment from previous tasks.

Step 1: Create a ConfigMap YAML File

Here’s a sample ConfigMap for storing environment variables:

apiVersion: v1
kind: ConfigMap
metadata:
  name: todo-app-config
  namespace: my-namespace
data:
  APP_NAME: "Todo Application"
  APP_ENV: "production"
  • APP_NAME and APP_ENV are key-value pairs that store configuration data for your application.

Step 2: Update the Deployment to Use the ConfigMap

Now, update the deployment.yml file to reference the ConfigMap:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: todo-app-deployment
  namespace: my-namespace
spec:
  replicas: 2
  selector:
    matchLabels:
      app: todo-app
  template:
    metadata:
      labels:
        app: todo-app
    spec:
      containers:
      - name: todo-app
        image: trainwithshubham/todo-app:latest
        env:
        - name: APP_NAME
          valueFrom:
            configMapKeyRef:
              name: todo-app-config
              key: APP_NAME
        - name: APP_ENV
          valueFrom:
            configMapKeyRef:
              name: todo-app-config
              key: APP_ENV

This will inject the values from the ConfigMap as environment variables into your todo-app container.

Step 3: Apply the ConfigMap and Deployment

Use the following commands to apply the ConfigMap and updated Deployment to your Kubernetes cluster:

kubectl apply -f configmap.yml -n my-namespace
kubectl apply -f deployment.yml -n my-namespace

Step 4: Verify the ConfigMap

Check the status of the ConfigMap by running:

kubectl get configmap -n my-namespace

You can also inspect the contents of the ConfigMap by running:

kubectl describe configmap todo-app-config -n my-namespace

Task 2: Create a Secret for Your Deployment

Now, let’s create a Secret that will store sensitive data like API keys or passwords for your todo-app deployment.

  • create a yaml file Secret.yaml

    Here’s an example of a Secret that stores a database password:

# vim secret.yaml
-------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: django-app
  labels:
    app: mysql
type: Opaque
data:
  MYSQL_ROOT_PASSWORD: c3JpcGFyh1
  • Verify that the secret is working by accessing the todo-app

kubectl apply -f secrets.yaml -n django-app
kubectl get secrets -n django-app


# vim deployment.yaml
-------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deploymnet
  namespace: django-app
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:8
          ports:
            - containerPort: 3306
          env:
            - name: MYSQL_DATABASE
              valueFrom:
                configMapKeyRef:
                  name: mysql-config
                  key: MYSQL_DATABASE
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: MYSQL_ROOT_PASSWORD
  • Verify that the deployment is working by accessing the todo-app

kubectl apply -f deploymnet.yml -n django-app
kubectl get deployment -n django-app
kubectl get pods -n django-app

Today, we explored ConfigMaps and Secrets in Kubernetes, which are essential for managing configuration and sensitive data separately from your application code. By mastering these concepts, you can ensure that your applications are configured dynamically and securely.

  • ConfigMaps store non-sensitive data, like configuration files and environment variables.

  • Secrets securely store sensitive information like passwords and API keys.

Â