Mastering ConfigMaps and Secrets in Kubernetes

Mastering ConfigMaps and Secrets in Kubernetes

Welcome back, DevOps enthusiasts!

In my previous blog on "Working with Services in Kubernetes", we've already taken a step into the fascinating world of Kubernetes. If you haven't had a chance to read it yet, I highly recommend you check it out.

Today, we'll delve into another important aspect of Kubernetes orchestration - ConfigMaps and Secrets.

ConfigMaps and Secrets are crucial elements in the management of configuration data and sensitive information within Kubernetes clusters. Understanding how to work with services in Kubernetes is vital for any DevOps engineer.

What are ConfigMaps and Secrets in Kubernetes

In Kubernetes, ConfigMaps and Secrets serve as repositories for configuration data and sensitive information, respectively. ConfigMaps house configuration data through key-value pairs, while Secrets securely store sensitive data in an encrypted format.

ConfigMaps

ConfigMaps in Kubernetes is a resource object designed to store non-sensitive configuration data in key-value pairs. They are particularly useful for separating configuration details from application code, allowing for more flexibility and ease of management.

Example of ConfigMaps

Suppose you have an application that connects to a database, and the connection parameters (such as host, port, username, and password) may change based on the environment (development, testing, production).

Now, instead of sticking these details right into your app's code and making it inflexible, you can use a ConfigMap to stash these values. It's like having a cheat sheet that lets you tweak settings without messing with the code. Nice and tidy!

Secrets

Secrets, on the other hand, are used for storing sensitive information, such as API keys, passwords, or certificates. Unlike ConfigMaps, Secrets are base64-encoded for additional security. Kubernetes takes care of decoding them when mounted into pods.

Example of Secrets

Imagine your app has to connect with an online service, and it needs an API key for that. Instead of directly planting the key inside your app's code, you can craft a Secret. Now, whenever your app requires the key, it can fetch it from the Secret. This not only adds a layer of security but also keeps the key under wraps.

You read more about ConfigMap and Secret on the official Kubernetes website.

Task 01 : Create a ConfigMap for your Deployment

  1. Create a ConfigMap for your Deployment using a file or the command line.
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  labels:
    app: django-todo-app
  namespace: deploy1
data:
  MYSQL_DB: "database_todo"

  1. In our deployment.yml file, we'll utilize the MYSQL_DB specified in this YAML file.

  2. Firstly, let's create the "deploy1" namespace using the following command as we have mentioned namespace as deploy1

  3. Execute the following command to apply the config.yml file

     kubectl apply -f configmap.yml -n <namespace-name>
    

  4. Ensure the creation of the ConfigMap by inspecting the status of ConfigMaps within your designated namespace.

     kubectl get configmaps -n deploy1
    

  5. For a detailed view of the configmap, use the following command

     kubectl describe congigmap <configmap-name> -n <namespace-name>
    

Task 02: Create a Secrets for your Deployment

  1. Before creating a secret, it's essential to generate a base64-encoded string for the database password, which will be utilized in our deployment.yml file.

  2. We're designating the subsequent details as secret keys, Password: test123, and subsequently, we encode our password using the provided code.

     echo -n 'test123' | base64
    

  3. To validate the secret key, we try to decode it using the following command

     echo -n 'dGVzdDEyMw==' | base64 --decode
    
  4. Next, let's proceed to create a Secret.yml file that stores the database password and attach it as a volume in the deployment.

     apiVersion: v1
     kind: Secret
     metadata:   
       name: my-secret
       namespace: deploy1
     type: Opaque
     data:
       password: dGVzdDEyMw==
    

    The password specified in this YAML file will be utilized in our deployment.yml file.

  5. Execute the following command to apply the secrets.yml file.

     kubectl apply -f secret.yml -n <namespace-name>
    

  6. Verify the creation of the Secrets by inspecting the status of Secrets within your designated namespace.

     kubectl get secrets -n <namespace-name>
    

Task 03 :

  1. Now at the end, we'll generate a deployment.yml file for our deployment, incorporating both the ConfigMap and Secrets into the deployment configuration.

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: mysql-configuration
        labels:
          app: mysql
        namespace: deploy1 
      spec:
        replicas: 2
        selector:
          matchLabels:
            app: mysql
        template:
          metadata:
            labels:
              app: mysql
          spec:
            containers:
            - name: mysql-container
              image: mysql:8
              ports:
              - containerPort: 3306
              env:
              - name: MYSQL_ROOT_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: my-secret
                    key: password
              - name: MYSQL_DATABASE
                valueFrom:
                  configMapKeyRef:
                    name: my-configmap
                    key: MYSQL_DB
    

    This YAML file includes both the ConfigMap and Secret within the deployment configuration.

  2. Execute the following command to apply the deployment.yml file.

     kubectl apply -f deployment.yml -n <namespace-name>
    

  3. Verify the creation of pods by inspecting the status of pods within your designated namespace.

     kubectl get pods -n <namespace>
    

Conclusion

In conclusion, we have seen the fundamentals of ConfigMaps and Secrets in Kubernetes. These resources provide an efficient way to manage configuration data and sensitive information, promoting a more secure and scalable Kubernetes environment.

If you found this blog helpful and are as passionate about Kubernetes and DevOps as I am, let's connect on LinkedIn. I'm eager to build a network of like-minded professionals, share insights, and foster collaborations that drive innovation in the world of technology.

invite you to connect with me on LinkedIn linkedin.com/in/gaurav-gawande-profile for engaging discussions on Kubernetes, DevOps, and all things related.