Day 35 of 90 Days of DevOps Challenge: Mastering ConfigMaps and Secrets in Kubernetes
Welcome to Day 35! 🎉 Yesterday, we explored the world of Namespaces and Services in Kubernetes. Today, we’re going deeper into the concepts of ConfigMaps and Secrets, which are essential for securely managing configuration data and sensitive information in your Kubernetes applications. Let's dive into today's tasks! 🚀
What are ConfigMaps and Secrets in Kubernetes?
In Kubernetes, ConfigMaps and Secrets are used to store and manage configuration data separately from the Pods. The main difference between the two is that ConfigMaps store non-sensitive configuration data, while Secrets store sensitive information in an encrypted format.
ConfigMaps: Store simple configuration data in key-value pairs that Pods can reference.
Secrets: Store sensitive data like passwords, API keys, and certificates in an encrypted format.
Task 1: Create a ConfigMap for Your Deployment
Let’s create a ConfigMap that will store some configuration data for your todo-app deployment from previous tasks.
Step 1: Create a ConfigMap YAML File
Here’s a sample ConfigMap for storing environment variables:
apiVersion: v1
kind: ConfigMap
metadata:
name: todo-app-config
namespace: my-namespace
data:
APP_NAME: "Todo Application"
APP_ENV: "production"
- APP_NAME and APP_ENV are key-value pairs that store configuration data for your application.
Step 2: Update the Deployment to Use the ConfigMap
Now, update the deployment.yml
file to reference the ConfigMap:
apiVersion: apps/v1
kind: Deployment
metadata:
name: todo-app-deployment
namespace: my-namespace
spec:
replicas: 2
selector:
matchLabels:
app: todo-app
template:
metadata:
labels:
app: todo-app
spec:
containers:
- name: todo-app
image: trainwithshubham/todo-app:latest
env:
- name: APP_NAME
valueFrom:
configMapKeyRef:
name: todo-app-config
key: APP_NAME
- name: APP_ENV
valueFrom:
configMapKeyRef:
name: todo-app-config
key: APP_ENV
This will inject the values from the ConfigMap as environment variables into your todo-app container.
Step 3: Apply the ConfigMap and Deployment
Use the following commands to apply the ConfigMap and updated Deployment to your Kubernetes cluster:
kubectl apply -f configmap.yml -n my-namespace
kubectl apply -f deployment.yml -n my-namespace
Step 4: Verify the ConfigMap
Check the status of the ConfigMap by running:
kubectl get configmap -n my-namespace
You can also inspect the contents of the ConfigMap by running:
kubectl describe configmap todo-app-config -n my-namespace
Task 2: Create a Secret for Your Deployment
Now, let’s create a Secret that will store sensitive data like API keys or passwords for your todo-app deployment.
Step 1: Create a Secret YAML File
Here’s an example of a Secret that stores a database password:
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
username: bXl1c2Vy
password: bXlwYXNzd29yZA==
The password (
DB_PASSWORD
) is base64 encoded. You can encode any string to base64 using this command:
echo -n 'myuser' | base64
Step 2: Update the Deployment to Use the Secret
Update your deployment.yml
file to reference the Secret:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 1
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-container
image: my-image
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: my-secret
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: password
This will inject the DB_PASSWORD
value from the Secret into your todo-app container.
Step 3: Apply the Secret and Deployment
Apply the Secret and the updated Deployment to your Kubernetes cluster:
kubectl apply -f secret.yml -n my-namespace
kubectl apply -f deployment.yml -n my-namespace
Step 4: Verify the Secret
Check the status of the Secret by running:
kubectl get secret -n my-namespace
To view the contents of the Secret (base64 encoded):
kubectl describe secret todo-app-secret -n my-namespace
Conclusion
Today, we explored ConfigMaps and Secrets in Kubernetes, which are essential for managing configuration and sensitive data separately from your application code. By mastering these concepts, you can ensure that your applications are configured dynamically and securely.
ConfigMaps store non-sensitive data, like configuration files and environment variables.
Secrets securely store sensitive information like passwords and API keys.
Keep building your Kubernetes skills, and don’t forget to share your progress on LinkedIn with #90DaysOfDevOps! 🚀