Day - 35 : Mastering ConfigMaps and Secrets in Kubernetes

Day - 35 : Mastering ConfigMaps and Secrets in Kubernetes

ยท

3 min read

What are ConfigMaps and Secrets in k8s

In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.

  • Example :- Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs). Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! ๐Ÿš€

  • Read more about ConfigMap & Secret.

Task 1:

Create a ConfigMap for your Deployment

Create a ConfigMap for your Deployment using a file or the command line

  • Let's create a config.yml file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  labels:
    app: django-todo-app
  namespace: deploy1
data:
  MYSQL_DB: "database_todo"

  • This YAML file has the MYSQL_DB which we will use in our deployment.yml file.

  • We have also created a namespace deploy1 for our deployment.

  • Before let's create namespace deploy1 using the command:

  • Apply the updated deployment using the command:
kubectl apply -f configmap.yml -n <namespace-name>

  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
kubectl get configmaps -n <namespace-name>

Task 2:

  • Before we create a secret, we need to create a base64 encoded string of the database password that we will use in our deployment.yml file.

  • I'm taking the following details as secret key:

  • following details as secret key:

    Password : test123

echo -n 'test123' | base64
  • For verifying the secret key, we can use the following command:
echo -n 'dGVzdDEyMw==' | base64 --decode

  • Create a Secret that stores the database password and mount it as a volume in the deployment.
apiVersion: v1
kind: Secret
metadata:   
  name: my-secret
  namespace: deploy1
type: Opaque
data:
  password: dGVzdDEyMw==

  • This YAML file has the password which we will use in our deployment.yml file.

  • We have also created a namespace deploy1 for our deployment.

what is the Opaque type?

  • The opaque type is used to store arbitrary data in secret objects.

  • Apply the updated deployment using the command:

kubectl apply -f secret.yml -n <namespace-name>

  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
kubectl get secrets -n <namespace-name>

Task 3:

  • Now let's create a deployment.yml file for our deployment in which we add both configmap and secret in the deployment file.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: mysql-configuration
   labels:
     app: mysql
   namespace: deploy1 
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: mysql
   template:
     metadata:
       labels:
         app: mysql
     spec:
       containers:
       - name: mysql-container
         image: mysql:8
         ports:
         - containerPort: 3306
         env:
         - name: MYSQL_ROOT_PASSWORD
           valueFrom:
             secretKeyRef:
               name: my-secret
               key: password
         - name: MYSQL_DATABASE
           valueFrom:
             configMapKeyRef:
               name: my-configmap
               key: MYSQL_DB

  • In this yaml file, we have added both configmap and secret in the deployment file.
  • Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>

kubectl get pods -n <namespace>

Did you find this article valuable?

Support Sahil Kamble's blog by becoming a sponsor. Any amount is appreciated!

ย