Day 35: Mastering ConfigMaps and Secrets in Kubernetes

ยท

3 min read

Day 35: Mastering ConfigMaps and 
                     Secrets in Kubernetes

What are ConfigMaps and Secrets in k8s

In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.

  • Example :- Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs). Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! ๐Ÿš€

  • Read more about ConfigMap & Secret.

Task 1:

  • Create a ConfigMap for your Deployment

  • Create a ConfigMap for your Deployment using a file or the command line

Apply the changes using :

kubectl apply -f configMap.yaml
  • Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
  name: config-todo-app
  labels:
    app: todo
  namespace: todo-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: todo
  template:
    metadata:
      labels:
        app: todo
    spec:
      containers:
      - name: todo
        image: trainwithshubham/django-todo:latest
        ports:
        - containerPort: 8000
        env:
          - name: TODO_APP
            valueFrom:
              configMapKeyRef:
                name: todo-app
                key: application

Here, the pod definition includes an environment variable whose value is taken from the ConfigMap. The valueFrom field specifies the source of the value, which is the ConfigMap and the key application. Here, the name field consists of the name of the configMap we just used in the above step.

  • Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

The given command displays list of all ConfigMaps in your namespace

 kubectl get configmaps -n <namespace-name>

The describe command is used to display the status imformation of all the ConfigMaps in your namespace.

 kubectl describe configmap <configmap-name> -n <namespace-name>

This command displays the list of pods:

kubectl get pod -n <namespace-name>

Now, lets go inside one of the pods and see the key-value pair we declared earlier in the ConfigMap.

kubectl -n <namespace-name> -it <pod-name> -- bash

Task 2:

  • Create a Secret for your Deployment

  • Create a Secret for your Deployment using a file or the command line

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4=  # base64 encoded value for "admin"
  password: cGFzc3dvcmQyOTA2  # base64 encoded value for "password123"

In this example, weโ€™re creating a Secret called my-secret with two keys: username and password. The values for these keys are base64-encoded, so that the encoded sensitive information can be stored as plain text in a file.

Lets apply the changes of secret.yaml :

kubectl apply -f secret.yaml -n <namespace-name>
  • Update the deployment.yaml file to include the Secret
apiVersion: apps/v1
kind: Deployment
metadata:
  name: config-demo
  labels:
    app: todo
  namespace: todo-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: todo
  template:
    metadata:
      labels:
        app: todo
    spec:
      containers:
      - name: todo
        image: trainwithshubham/django-todo:latest
        ports:
        - containerPort: 8000
        env:
          - name: env_secret
            valueFrom:
              secretKeyRef:
                name: my-secret
                key: password
  • Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.

You can use the following command to verify that the Secret has been created :

kubectl get secrets -n <namespace-name>

To view the details of a specific Secret:

kubectl describe secret <secret-name> -n <namespace-name>

To see the key-value pairs of an environment variable in a ConfigMap inside a pod :

kubectl get pod -n <namespace-name>
kubectl exec -it <pod-name> -n <namespace-name> -- bash

Thank you for reading !!

ย