Mastering ConfigMaps and Secrets in Kubernetes

What are ConfigMaps and Secrets in Kubernetes?

In Kubernetes, ConfigMaps and Secrets help separate configuration settings and sensitive information from your application code. This separation makes it simpler to handle and update configurations without having to modify the actual application.

ConfigMaps

ConfigMaps store non-sensitive configuration data as key-value pairs that containerized applications running in a Kubernetes cluster can consume. A value can be plain text or an entire configuration file. ConfigMaps are often used to hold environment variables, configuration files, or any other configuration-related data that applications need at runtime. You can mount ConfigMaps as volumes in your containers, inject them as environment variables, or use them in other ways depending on your application's needs.

Secrets

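Secrets are similar to ConfigMaps but are specifically designed for sensitive information, such as passwords, API keys, or other confidential data. Secrets can store sensitive data in various formats, including plain text, base64-encoded, or even as files. Secrets keep confidential information secure and separate from the application code and configuration. The base64 encoding used in a Secret manifest is an encoding, not encryption, so the protection comes from restricting who can read the Secret and its manifest, not from the encoding itself.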

Task 1:

  • Create a ConfigMap for your Deployment

  • Create a ConfigMap for your Deployment using a file or the command line

apiVersion: v1
kind: ConfigMap
metadata:
  name: todo-app-config
  namespace: my-todo-app  # same namespace as the Deployment that references it
data:
  name: django-todo-app
  application: todo-app
  protocol: TCP

  • Apply the changes using the below command:
kubectl apply -f configMap.yml
  • Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
  name: config-todo-app
  namespace: my-todo-app
  labels:
    app: todo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: todo
  template:
    metadata:
      labels:
        app: todo
    spec:
      containers:
      - name: todo
        image: trainwithshubham/django-todo:latest
        ports:
        - containerPort: 8000
        env:
        - name: TODO_APP
          valueFrom:
            configMapKeyRef:
              name: todo-app-config
              key: application

  • Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>

  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

Check the status of the deployment and ConfigMap by running the following command:

kubectl get configmaps -n <namespace-name>

Use the describe command to get a detailed view of the ConfigMap:

kubectl describe configmap <configmap-name> -n <namespace-name>

To display the pods:

kubectl get pod -n <namespace-name>

Navigate inside one of the Pods and check the environment variable and the application for detailed status.
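
A `configMapKeyRef` only resolves when the ConfigMap is in the Deployment's namespace and carries the referenced name and key; otherwise the container stays in `CreateContainerConfigError`. The script below is an added example, not part of the original post, that checks those three things offline before `kubectl apply`. The function name `check_refs` and the trimmed sample files are hypothetical, and the parsing assumes manifests indented like the ones in Task 1.

```shell
# check_refs <deployment.yml> <configMap.yml>: print findings, return 1 if any.
# Assumes single-document manifests indented like the ones on this page.
check_refs() {
  awk '
    FNR == 1 { file++; section = "" }
    /^[^ #]/ { section = $1 }   # top-level key such as "metadata:"
    section == "metadata:" && /^  [^ ]/ { meta[file, $1] = $2 }
    file == 1 && section == "data:" && /^  [^ ]/ { keys[$1] = 1 }
    file == 2 && /configMapKeyRef:/ { in_ref = 1; name = key = ""; next }
    in_ref && $1 == "name:" { name = $2 }
    in_ref && $1 == "key:"  { key = $2 }
    in_ref && name != "" && key != "" {
      in_ref = 0; want = key ":"
      if (name != meta[1, "name:"]) { print "name: " name " is not ConfigMap " meta[1, "name:"]; bad = 1 }
      else if (!(want in keys))     { print "key: " key " is not defined in ConfigMap " name; bad = 1 }
    }
    END {
      if (meta[1, "namespace:"] != meta[2, "namespace:"]) {
        print "namespace: ConfigMap and Deployment differ"; bad = 1
      }
      exit bad + 0
    }
  ' "$2" "$1"
}

# Constructed, trimmed sample: the ConfigMap has no namespace and no "app-name" key.
dir=$(mktemp -d)
cat >"$dir/configMap.yml" <<'EOF'
metadata:
  name: todo-app-config
data:
  application: todo-app
EOF
cat >"$dir/deployment.yml" <<'EOF'
metadata:
  namespace: my-todo-app
spec:
  containers:
  - env:
    - name: TODO_APP
      valueFrom:
        configMapKeyRef:
          name: todo-app-config
          key: app-name
EOF
check_refs "$dir/deployment.yml" "$dir/configMap.yml" || echo "fix before kubectl apply"
rm -rf "$dir"
```

Run it against the Task 1 files as `check_refs deployment.yml configMap.yml`; no output and exit status 0 mean every reference resolves.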

Task 2:

  • Create a Secret for your Deployment

  • Create a Secret for your Deployment using a file or the command line

apiVersion: v1
kind: Secret
metadata:
  name: todo-app-secret
  namespace: my-todo-app
type: Opaque
data:
  username: <base64-encoded-username>
  password: <base64-encoded-password>

You can create your username and password if you don't have them already.

Open a terminal and run the following commands to generate base64-encoded values:

echo -n "your_username" | base64
echo -n "your_password" | base64

Replace "your_username" and "your_password" with the desired values. The output of each command is the base64-encoded representation.

apiVersion: v1
kind: Secret
metadata:
  name: todo-app-secret
  namespace: my-todo-app
type: Opaque
data:
  username: cm9ua2U=  # base64-encoded "ronke"
  password: cGFzc3dvcmQ=  # base64-encoded "password"

  • Apply the changes using the below command:
kubectl apply -f secret.yaml -n <namespace-name>

  • Update the deployment.yml file to include the Secret
apiVersion: apps/v1
kind: Deployment
metadata:
  name: config-todo-app
  namespace: my-todo-app
  labels:
    app: todo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: todo
  template:
    metadata:
      labels:
        app: todo
    spec:
      containers:
      - name: todo
        image: trainwithshubham/django-todo:latest
        ports:
        - containerPort: 8000
        env:
        - name: env_secret
          valueFrom:
            secretKeyRef:
              name: todo-app-secret
              key: password

  • Apply the updated deployment.yml by running the below command:
kubectl apply -f deployment.yml -n <namespace-name>

  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
kubectl get secret -n <namespace-name>

The describe command is used to get a detailed view of a Secret:

kubectl describe secret <secret-name> -n <namespace-name>

To display the pods:

kubectl get pod -n <namespace-name>

Navigate inside one of the Pods and check the environment variable:

kubectl exec -it <pod-name> -n <namespace-name> -- sh
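
The encoding step in Task 2 can go wrong in two quiet ways: a `<base64-encoded-...>` placeholder is left in the manifest, or `echo` is run without `-n` so the stored value ends in a newline. This added example, which is not from the original post, decodes each `data` value in a Secret manifest and flags both cases without printing the decoded values. The function names and the sample manifest are constructed for illustration, and `base64 -d` as found in GNU coreutils is assumed.

```shell
# Print "key value" for each entry under the top-level data: block.
# Assumes the flat layout used on this page (indented "key: value" lines).
secret_data_entries() {
  awk '
    /^data:/ { in_data = 1; next }
    /^[^ #]/ { in_data = 0 }
    in_data && $1 ~ /:$/ { key = $1; sub(/:$/, "", key); print key, $2 }
  ' "$1"
}

# Print one finding per bad value; return 1 if any were found, else 0.
check_secret_manifest() {
  status=0
  entries=$(secret_data_entries "$1")
  while read -r key value; do
    [ -n "$key" ] || continue
    if [ -z "$value" ] || ! printf '%s' "$value" | base64 -d >/dev/null 2>&1; then
      echo "${key}: not valid base64 (placeholder left in place?)"
      status=1
      continue
    fi
    # Command substitution strips newlines, so inspect the last byte as hex.
    last=$(printf '%s' "$value" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
      echo "${key}: decoded value ends in a newline (echo without -n)"
      status=1
    fi
  done <<EOF
$entries
EOF
  return "$status"
}

# Constructed sample: one good value, one with a trailing newline, one placeholder.
sample=$(mktemp)
cat >"$sample" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: todo-app-secret
type: Opaque
data:
  username: cm9ua2U=
  password: cGFzc3dvcmQK
  token: <base64-encoded-token>
EOF
check_secret_manifest "$sample" || echo "fix the values above before kubectl apply"
rm -f "$sample"
```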

Thank you!