Day 35: Learn to Manage ConfigMaps and Secrets in Kubernetes

Day 35: Learn to Manage ConfigMaps and Secrets in Kubernetes

ยท

4 min read

Congratulations, yesterday we implemented the service in k8s.

What are ConfigMaps?

ConfigMaps in Kubernetes are the way to configure data separately from the application code. ConfigMaps make it easier to manage and update the configuration for your containers and pods

Key-Points

  • ConfigMaps stores configuration data as key-value pairs.

  • ConfigMaps are used to store configuration settings, environment variables, command-line arguments, and other configuration data that the application needs.

  • ConfigMaps can be mounted as volume or exposed as environment variables in pods, allowing applications to access the configuration data.

  • By using ConfigMaps, you can keep configuration settings separate from your application code.

  • You can update the ConfigMap without redeploying your application.

      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: my-config
      data:
        MY_SQL_DATABASE: "my-database"
        api_key: "your-api-key"
    

What are the Secrets in K8s?

Secrets in Kubernetes are a way to securely manage and store sensitive information, such as passwords, API tokens, and encryption keys. They are similar to ConfigMaps but are specifically designed to handle confidential data.

Key-points

  • Secrets are used to store sensitive or confidential information, such as database passwords, access tokens etc.

  • Data stored in Secrets is base64 encoded.

  • Secrets are commonly used for storing credentials needed by applications to access databases, external services, or other secure resources.

  • Kubernetes provides mechanisms to secure Secrets, including encryption at rest and in transit.

      apiVersion: v1
      kind: Secret
      metadata: 
        name: my-secret
      type: Opaque
      data: 
        username: YWRtaW4=  # Base64-encoded username
        password: cGFzc3dvcmQ=  # Base64-encoded password
    

TASK 1

Create a ConfigMap for your Deployment

Create a ConfigMap for your Deployment using a file or the command line

Update the deployment.yml file to include the ConfigMap

Apply the updated deployment using the command.

Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

steps:

  • Create a ConfigMap file and add the content in it.

      #configmap.yml
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: my-config
        namespace: my-app
      data:
        key1: value1
        key2: value2
    

    Save this file and apply it to the Kubernetes by using the following command:

      kubectl apply -f configmap.yml
    
  • Go to the deployment file which you created for the previous day's task and edit it with the following content:

      #deployment.yml
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: todo-app
        namepsace: my-app
      spec:
        replicas: 1
        template:
          metadata:
            namespace: my-app
            labels:
              app: todo-app
          spec:
            containers:
              - name: todo-app-container
                image: todo-app-image:latest
                env:
                  - name: KEY1
                    valueFrom:
                      configMapKeyRef:
                        name: my-config  # Reference to your ConfigMap
                        key: key1
                  - name: KEY2
                    valueFrom:
                      configMapKeyRef:
                        name: my-config  # Reference to your ConfigMap
                        key: key2
    

    Added the environment variables 'key1' and 'key2' to the container and referenced value from the 'my-config' ConfigMap.

  • After making the update in 'deployment.yml', update it to the Kubernetes by using the command

      kubectl apply -f deployment.yml -n my-app
    
  • Check the ConfigMap is successfully created under your namespace by using the command

      kubectl get configmaps -n my-app
    

    This command lists all the ConfigMaps under your namespace.


TASK 2

Create a Secret for your Deployment

Create a Secret for your Deployment using a file or the command line

Update the deployment.yml file to include the Secret

Apply the updated deployment using the command.

Verify that the Secret has been created by checking the status of the Secrets in your Namespace.

Steps:

  • Create a secret file and add the following content to it.

      #secrets.yml
      apiVersion: v1
      kind: Secret
      metadata:
        name: todo-app-secret
        namespace: my-app
      type: Opaque
      data:
        username: #add any encrypted username
        password: #add any encrypted password
    

    Then, apply it to the Kubernetes cluster

      kubectl apply -f secrets.yml
    
  • update the deployment file by adding the following content

      #deployment.yml
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: todo-app
        namespace: my-app
      spec:
        replicas: 1
        template:
          metadata:
            namespace: my-app
            labels:
              app: todo-app
          spec:
            containers:
              - name: todo-app-container
                image: todo-app-image:latest
                env:
                  - name: MY_USERNAME
                    valueFrom:
                      secretKeyRef:
                        name: my-secret  # Reference to your Secret
                        key: username
                  - name: MY_PASSWORD
                    valueFrom:
                      secretKeyRef:
                        name: my-secret  # Reference to your Secret
                        key: password
    
  • Apply the updated deployment file in the Kubernetes cluster by using the command

      kubectl apply -f deployment.yml -n my-app
    
  • Verify that the secrets are created under your namespace by using the command

      kubectl get secrets -n my-app
    

    It will show you the lists of the secrets created under your namespace 'my-app'.


<That's all for today. Hope you like it. FOLLOW to join me in the journey of DevOps>

ย