Sarika's DevOps Journey
👨‍💻Day 35 - Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

👨‍💻Day 35 - Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

Sarika Kamble's photo
Sarika Kamble
·

4 min read

Table of contents

💫What are ConfigMaps and Secrets in k8s

In Kubernetes, a ConfigMap is a resource object that allows you to store configuration data separately from your application code. It is a key-value store where you can store configuration settings, environment variables, or any other configuration-related data that your application needs. ConfigMaps are typically used to decouple configuration from application code, making it easier to manage and update configurations without changing the code itself.

ConfigMaps are often used to store configuration files in a key-value format, such as INI files, JSON, or YAML. When you create a ConfigMap, you specify the configuration data as key-value pairs. This data can then be mounted as volumes in your pods or injected into container environments as environment variables.

Secrets in k8s:

Kubernetes Secret is a way to securely store sensitive information, like passwords or API keys, that your applications running in Kubernetes need. Think of it as a locked safe for your secrets. It helps keep this sensitive data separate from your application code and makes it available to your applications when they need it, like a hidden key to access a treasure chest. This helps ensure the security of your sensitive information and makes it easier to manage.

Here are some key points about Kubernetes Secrets:

  1. Data Storage: Secrets can store arbitrary key-value pairs of data. While they are commonly used for storing credentials, they can also be used for other types of sensitive data.

  2. Base64 Encoding: Data stored in a Secret is base64-encoded. While this encoding is not secure on its own, it provides a basic level of obfuscation. Note that Kubernetes Secrets are not meant to be a strong security solution for highly sensitive data. For more secure storage and management of secrets, you might consider using a specialized secret management tool.

  3. Immutable: Once created, Secrets are intended to be immutable. You cannot update the data stored in a Secret directly. Instead, you should delete and recreate the Secret with the updated data. This is done to maintain a history of changes for auditing purposes.

  4. Use Cases: Secrets can be used in various scenarios, including providing database credentials to applications, supplying API tokens to services, and storing TLS certificates for secure communication.

  5. Mounting Secrets: You can mount Secrets as volumes in pods or inject them as environment variables, making the sensitive data available to your application containers.

💫Task 1:

  • Create a ConfigMap for your Deployment

  • Create a ConfigMap for your Deployment using a file or the command line

  • Update the deployment.yml file to include the ConfigMap

  • Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name>

  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

Step 1: Create the ConfigMap for our deployment

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config-1
  namespace: default
data:
  index.html: |
    <html>
    <h2> This is Deployment #1 </h2>
    </html>

Step 2: Deploy our ConfigMaps

    kubectl apply -f <file name.yml>

Step 3: Create our Pods Deployment

 apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-index-config
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-index-config
        configMap:
          name: nginx-config-1

Step 4: Deploy our Nginx Deployments

  kubectl apply -f <file name.yml>

Step 5: Create a service that points to both deployments

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30080

Step 6: Deploy the service

  kubectl apply -f <file name.yml>

Step 7: Test the webpage using the CURL command

💫Task 2:

  • Create a Secret for your Deployment

  • Create a Secret for your Deployment using a file or the command line

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
stringData:
  username: admin
  password: password
  • Update the deployment.yml file to include the Secret

  • Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name>

  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.

  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: mysql
    labels:
      app: mysql
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: mysql
    template:
      metadata:
        labels:
          app: mysql
      spec:
        containers:
        - name: mysql
          image: mysql:8
          ports:
          - containerPort: 3306
          env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-secret
                key: password

To create the Secret, run the following command:

Describing a Kubernetes Secret Using kubectl describe

To create the deployment, run the following command:

📚Happy Learning:)

DevopsKubernetes#90daysofdevops#90daysofdevops chanllenge#90daysofdevopschallengekubernetes-configmapTrainWithShubham