Welcome back, DevOps enthusiasts!
In my previous blog on "Working with Services in Kubernetes", we've already taken a step into the fascinating world of Kubernetes. If you haven't had a chance to read it yet, I highly recommend you check it out.
Today, we'll delve into another important aspect of Kubernetes orchestration - ConfigMaps and Secrets.
ConfigMaps and Secrets are crucial elements in the management of configuration data and sensitive information within Kubernetes clusters. Understanding how to work with services in Kubernetes is vital for any DevOps engineer.
What are ConfigMaps and Secrets in Kubernetes
In Kubernetes, ConfigMaps and Secrets serve as repositories for configuration data and sensitive information, respectively. ConfigMaps house configuration data through key-value pairs, while Secrets securely store sensitive data in an encrypted format.
ConfigMaps
ConfigMaps in Kubernetes is a resource object designed to store non-sensitive configuration data in key-value pairs. They are particularly useful for separating configuration details from application code, allowing for more flexibility and ease of management.
Example of ConfigMaps
Suppose you have an application that connects to a database, and the connection parameters (such as host, port, username, and password) may change based on the environment (development, testing, production).
Now, instead of sticking these details right into your app's code and making it inflexible, you can use a ConfigMap to stash these values. It's like having a cheat sheet that lets you tweak settings without messing with the code. Nice and tidy!
Secrets
Secrets, on the other hand, are used for storing sensitive information, such as API keys, passwords, or certificates. Unlike ConfigMaps, Secrets are base64-encoded for additional security. Kubernetes takes care of decoding them when mounted into pods.
Example of Secrets
Imagine your app has to connect with an online service, and it needs an API key for that. Instead of directly planting the key inside your app's code, you can craft a Secret. Now, whenever your app requires the key, it can fetch it from the Secret. This not only adds a layer of security but also keeps the key under wraps.
You read more about ConfigMap and Secret on the official Kubernetes website.
Task 01 : Create a ConfigMap for your Deployment
- Create a ConfigMap for your Deployment using a file or the command line.
apiVersion: v1
kind: ConfigMap
metadata:
name: my-configmap
labels:
app: django-todo-app
namespace: deploy1
data:
MYSQL_DB: "database_todo"
In our
deployment.yml
file, we'll utilize theMYSQL_DB
specified in this YAML file.Firstly, let's create the "
deploy1
" namespace using the following command as we have mentioned namespace asdeploy1
Execute the following command to apply the
config.yml
filekubectl apply -f configmap.yml -n <namespace-name>
Ensure the creation of the ConfigMap by inspecting the status of ConfigMaps within your designated namespace.
kubectl get configmaps -n deploy1
For a detailed view of the configmap, use the following command
kubectl describe congigmap <configmap-name> -n <namespace-name>
Task 02: Create a Secrets for your Deployment
Before creating a secret, it's essential to generate a base64-encoded string for the database password, which will be utilized in our
deployment.yml
file.We're designating the subsequent details as secret keys, Password: test123, and subsequently, we encode our password using the provided code.
echo -n 'test123' | base64
To validate the secret key, we try to decode it using the following command
echo -n 'dGVzdDEyMw==' | base64 --decode
Next, let's proceed to create a Secret.yml file that stores the database password and attach it as a volume in the deployment.
apiVersion: v1 kind: Secret metadata: name: my-secret namespace: deploy1 type: Opaque data: password: dGVzdDEyMw==
The password specified in this YAML file will be utilized in our
deployment.yml
file.Execute the following command to apply the
secrets.yml
file.kubectl apply -f secret.yml -n <namespace-name>
Verify the creation of the Secrets by inspecting the status of Secrets within your designated namespace.
kubectl get secrets -n <namespace-name>
Task 03 :
Now at the end, we'll generate a
deployment.yml
file for our deployment, incorporating both theConfigMap
andSecrets
into the deployment configuration.apiVersion: apps/v1 kind: Deployment metadata: name: mysql-configuration labels: app: mysql namespace: deploy1 spec: replicas: 2 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - name: mysql-container image: mysql:8 ports: - containerPort: 3306 env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: my-secret key: password - name: MYSQL_DATABASE valueFrom: configMapKeyRef: name: my-configmap key: MYSQL_DB
This YAML file includes both the ConfigMap and Secret within the deployment configuration.
Execute the following command to apply the
deployment.yml
file.kubectl apply -f deployment.yml -n <namespace-name>
Verify the creation of pods by inspecting the status of pods within your designated namespace.
kubectl get pods -n <namespace>
Conclusion
In conclusion, we have seen the fundamentals of ConfigMaps and Secrets in Kubernetes. These resources provide an efficient way to manage configuration data and sensitive information, promoting a more secure and scalable Kubernetes environment.
If you found this blog helpful and are as passionate about Kubernetes and DevOps as I am, let's connect on LinkedIn. I'm eager to build a network of like-minded professionals, share insights, and foster collaborations that drive innovation in the world of technology.
invite you to connect with me on LinkedIn linkedin.com/in/gaurav-gawande-profile for engaging discussions on Kubernetes, DevOps, and all things related.