Day 35 of 90 Days of DevOps Challenge: Mastering ConfigMaps and Secrets in Kubernetes

Welcome to Day 35! 🎉 Yesterday, we explored the world of Namespaces and Services in Kubernetes. Today, we’re going deeper into the concepts of ConfigMaps and Secrets, which are essential for securely managing configuration data and sensitive information in your Kubernetes applications. Let's dive into today's tasks! 🚀


What are ConfigMaps and Secrets in Kubernetes?

In Kubernetes, ConfigMaps and Secrets are used to store and manage configuration data separately from the Pods. The main difference between the two is that ConfigMaps store non-sensitive configuration data, while Secrets store sensitive information in an encrypted format.

  • ConfigMaps: Store simple configuration data in key-value pairs that Pods can reference.

  • Secrets: Store sensitive data like passwords, API keys, and certificates in an encrypted format.


Task 1: Create a ConfigMap for Your Deployment

Let’s create a ConfigMap that will store some configuration data for your todo-app deployment from previous tasks.

Step 1: Create a ConfigMap YAML File

Here’s a sample ConfigMap for storing environment variables:

apiVersion: v1
kind: ConfigMap
metadata:
  name: todo-app-config
  namespace: my-namespace
data:
  APP_NAME: "Todo Application"
  APP_ENV: "production"
  • APP_NAME and APP_ENV are key-value pairs that store configuration data for your application.

Step 2: Update the Deployment to Use the ConfigMap

Now, update the deployment.yml file to reference the ConfigMap:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: todo-app-deployment
  namespace: my-namespace
spec:
  replicas: 2
  selector:
    matchLabels:
      app: todo-app
  template:
    metadata:
      labels:
        app: todo-app
    spec:
      containers:
      - name: todo-app
        image: trainwithshubham/todo-app:latest
        env:
        - name: APP_NAME
          valueFrom:
            configMapKeyRef:
              name: todo-app-config
              key: APP_NAME
        - name: APP_ENV
          valueFrom:
            configMapKeyRef:
              name: todo-app-config
              key: APP_ENV

This will inject the values from the ConfigMap as environment variables into your todo-app container.

Step 3: Apply the ConfigMap and Deployment

Use the following commands to apply the ConfigMap and updated Deployment to your Kubernetes cluster:

kubectl apply -f configmap.yml -n my-namespace
kubectl apply -f deployment.yml -n my-namespace

Step 4: Verify the ConfigMap

Check the status of the ConfigMap by running:

kubectl get configmap -n my-namespace

You can also inspect the contents of the ConfigMap by running:

kubectl describe configmap todo-app-config -n my-namespace


Task 2: Create a Secret for Your Deployment

Now, let’s create a Secret that will store sensitive data like API keys or passwords for your todo-app deployment.

Step 1: Create a Secret YAML File

Here’s an example of a Secret that stores a database password:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: bXl1c2Vy
  password: bXlwYXNzd29yZA==

The password (DB_PASSWORD) is base64 encoded. You can encode any string to base64 using this command:

echo -n 'myuser' | base64

Step 2: Update the Deployment to Use the Secret

Update your deployment.yml file to reference the Secret:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: my-image
        env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password

This will inject the DB_PASSWORD value from the Secret into your todo-app container.

Step 3: Apply the Secret and Deployment

Apply the Secret and the updated Deployment to your Kubernetes cluster:

kubectl apply -f secret.yml -n my-namespace
kubectl apply -f deployment.yml -n my-namespace

Step 4: Verify the Secret

Check the status of the Secret by running:

kubectl get secret -n my-namespace

To view the contents of the Secret (base64 encoded):

kubectl describe secret todo-app-secret -n my-namespace


Conclusion

Today, we explored ConfigMaps and Secrets in Kubernetes, which are essential for managing configuration and sensitive data separately from your application code. By mastering these concepts, you can ensure that your applications are configured dynamically and securely.

  • ConfigMaps store non-sensitive data, like configuration files and environment variables.

  • Secrets securely store sensitive information like passwords and API keys.

Keep building your Kubernetes skills, and don’t forget to share your progress on LinkedIn with #90DaysOfDevOps! 🚀