What are ConfigMaps and Secrets in k8s
In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.
Example :- Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs). Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! ๐
Task 1:
Create a ConfigMap for your Deployment
Create a ConfigMap for your Deployment using a file or the command line
Apply the changes using :
kubectl apply -f configMap.yaml
- Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
name: config-todo-app
labels:
app: todo
namespace: todo-app
spec:
replicas: 2
selector:
matchLabels:
app: todo
template:
metadata:
labels:
app: todo
spec:
containers:
- name: todo
image: trainwithshubham/django-todo:latest
ports:
- containerPort: 8000
env:
- name: TODO_APP
valueFrom:
configMapKeyRef:
name: todo-app
key: application
Here, the pod definition includes an environment variable whose value is taken from the ConfigMap. The valueFrom field specifies the source of the value, which is the ConfigMap and the key application. Here, the name field consists of the name of the configMap we just used in the above step.
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
- Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
The given command displays list of all ConfigMaps in your namespace
kubectl get configmaps -n <namespace-name>
The describe command is used to display the status imformation of all the ConfigMaps in your namespace.
kubectl describe configmap <configmap-name> -n <namespace-name>
This command displays the list of pods:
kubectl get pod -n <namespace-name>
Now, lets go inside one of the pods and see the key-value pair we declared earlier in the ConfigMap.
kubectl -n <namespace-name> -it <pod-name> -- bash
Task 2:
Create a Secret for your Deployment
Create a Secret for your Deployment using a file or the command line
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
username: YWRtaW4= # base64 encoded value for "admin"
password: cGFzc3dvcmQyOTA2 # base64 encoded value for "password123"
In this example, weโre creating a Secret called my-secret
with two keys: username
and password
. The values for these keys are base64-encoded, so that the encoded sensitive information can be stored as plain text in a file.
Lets apply the changes of secret.yaml
:
kubectl apply -f secret.yaml -n <namespace-name>
- Update the
deployment.yaml
file to include the Secret
apiVersion: apps/v1
kind: Deployment
metadata:
name: config-demo
labels:
app: todo
namespace: todo-app
spec:
replicas: 2
selector:
matchLabels:
app: todo
template:
metadata:
labels:
app: todo
spec:
containers:
- name: todo
image: trainwithshubham/django-todo:latest
ports:
- containerPort: 8000
env:
- name: env_secret
valueFrom:
secretKeyRef:
name: my-secret
key: password
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
- Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
You can use the following command to verify that the Secret has been created :
kubectl get secrets -n <namespace-name>
To view the details of a specific Secret:
kubectl describe secret <secret-name> -n <namespace-name>
To see the key-value pairs of an environment variable in a ConfigMap inside a pod :
kubectl get pod -n <namespace-name>
kubectl exec -it <pod-name> -n <namespace-name> -- bash
Thank you for reading !!