Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

ConfigMaps in Kubernetes:-

In Kubernetes, ConfigMaps are a way to decouple configuration artefacts from containerized applications. They provide a mechanism to store key-value pairs or configuration files that can be consumed by pods or other system components.

ConfigMaps are useful for separating configuration concerns from application code, making it easier to manage and update configurations without changing the application itself.

Here's a brief overview of how ConfigMaps work:

  1. Creating a ConfigMap: You can create a ConfigMap using either imperative commands or declarative YAML manifests. Here's an example YAML manifest for a simple ConfigMap:

     apiVersion: v1
     kind: ConfigMap
     metadata:
       name: example-config
     data:
       key1: value1
       key2: value2
    

    Apply this manifest using kubectl apply -f configmap.yaml.

  2. Using ConfigMaps in Pods: Once you have a ConfigMap, you can reference it in a Pod's specification. There are two ways to consume ConfigMaps in a Pod:

    • Environment Variables:

        apiVersion: v1
        kind: Pod
        metadata:
          name: mypod
        spec:
          containers:
            - name: mypod
              image: myimage
              # every key in example-config becomes an environment variable
              envFrom:
                - configMapRef:
                    name: example-config
      
    • Volumes:

        apiVersion: v1
        kind: Pod
        metadata:
          name: mypod
        spec:
          containers:
            - name: mypod
              image: myimage
              volumeMounts:
                - name: config-volume   # must match the volume name below
                  mountPath: /etc/config
          volumes:
            - name: config-volume
              configMap:
                name: example-config
      

Each ConfigMap key becomes a file name in the mounted volume, and its value becomes the contents of that file.

  3. Updating ConfigMaps: If you need to update the configuration, you can edit the ConfigMap directly or use the kubectl apply command to apply changes from an updated manifest.

     kubectl apply -f updated-configmap.yaml
    
  4. Watching ConfigMap Changes: Pods that mount a ConfigMap as a volume see changes automatically: if you change a key-value pair or add a new one, the files in the mounted volume are refreshed after a short delay. Values injected as environment variables are read when the container starts, so those Pods only pick up the new configuration after they are restarted.
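
How an update reaches a ConfigMap that is mounted as a volume, as an added example that is not from the original post: the script imitates the symlink layout kubelet builds for such volumes, using constructed directory names (`..v1`, `..v2`) and the sample keys from the manifest above. A value copied once at start-up, which is how an environment variable behaves, keeps the old content.

```sh
#!/bin/sh
# Added example: a constructed imitation of the directory layout kubelet
# builds for a ConfigMap volume (Secret volumes use the same layout).

# publish DIR VERSION key=value...
# Write the payload into a hidden per-version directory, then repoint the
# ..data symlink at it. Every visible key is a symlink through ..data, so
# one symlink switch changes all files at once.
publish() {
    dir=$1; version=$2; shift 2
    mkdir -p "$dir/..$version"
    for kv in "$@"; do
        key=${kv%%=*}
        printf '%s' "${kv#*=}" > "$dir/..$version/$key"
        [ -L "$dir/$key" ] || ln -s "..data/$key" "$dir/$key"
    done
    ln -sfn "..$version" "$dir/..data"
}

# list_keys DIR: visible keys only; the ..data bookkeeping entries start
# with a dot and are hidden from a normal listing.
list_keys() { ls "$1" | tr '\n' ' ' | sed 's/ $//'; }

# read_key DIR KEY: what the application sees when it opens the file now.
read_key() { cat "$1/$2"; }

vol=$(mktemp -d)
publish "$vol" v1 key1=value1 key2=value2

at_start=$(read_key "$vol" key1)       # copied once, like an env var
cp -L "$vol/key1" "$vol.single-file"   # plain copy, comparable to a subPath mount

publish "$vol" v2 key1=changed key2=value2   # the ConfigMap is updated

echo "keys            : $(list_keys "$vol")"
echo "file read now   : $(read_key "$vol" key1)"
echo "copied at start : $at_start"
echo "plain copy      : $(cat "$vol.single-file")"
rm -rf "$vol" "$vol.single-file"
```

An application that wants live updates has to re-read the file (or watch the directory) instead of caching the value it read at start-up.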

Secrets in Kubernetes:-

In Kubernetes, Secrets are objects used to store sensitive information, such as authentication tokens, API keys, and other confidential data. Like ConfigMaps, Secrets help decouple sensitive information from the application code and configuration, enhancing security and manageability. Here's an overview of how Secrets work in Kubernetes:

  1. Creating a Secret: You can create a Secret using either imperative commands or declarative YAML manifests. There are different types of Secrets, such as generic secrets, TLS secrets, and Docker registry secrets. Here's an example YAML manifest for a generic Secret:

     apiVersion: v1
     kind: Secret
     metadata:
       name: example-secret
     type: Opaque
     data:
       username: <base64-encoded-username>
       password: <base64-encoded-password>
    

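    The values for username and password are base64-encoded. Base64 is an encoding, not encryption, so anyone who can read the Secret can decode the values. You can encode values using the echo command or online base64 encoding tools (use online tools only with test values, never with real credentials).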

  2. Using Secrets in Pods: Once you have a Secret, you can reference it in a Pod's specification. There are two ways to consume Secrets in a Pod:

    • Environment Variables:

        apiVersion: v1
        kind: Pod
        metadata:
          name: mypod
        spec:
          containers:
            - name: mypod
              image: myimage
              env:
                # each variable takes its value from one key of the Secret
                - name: SECRET_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: example-secret
                      key: username
                - name: SECRET_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: example-secret
                      key: password
      
    • Volumes:

        apiVersion: v1
        kind: Pod
        metadata:
          name: mypod
        spec:
          containers:
            - name: mypod
              image: myimage
              volumeMounts:
                - name: secret-volume   # must match the volume name below
                  mountPath: /etc/secret
          volumes:
            - name: secret-volume
              secret:
                secretName: example-secret
      

In the case of volumes, the Secret's data is mounted as files in the specified path.

  3. Updating Secrets: Similar to ConfigMaps, if you need to update sensitive information, you can edit the Secret directly or use the kubectl apply command to apply changes from an updated manifest.

     kubectl apply -f updated-secret.yaml
    
  4. Watching Secret Changes: Pods that mount a Secret as a volume see changes automatically: if you update the values in a Secret, the mounted files are refreshed with the new credentials after a short delay. Values injected as environment variables are read when the container starts, so those Pods keep the old credentials until they are restarted.
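
The encoding step from "Creating a Secret", as an added example that is not from the original post: plain `echo value | base64` stores a trailing newline inside the credential, and the encoded value can be decoded by anyone who can read the manifest. The function names and all sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example. All values are constructed samples, not real credentials.

# b64 VALUE: encode VALUE exactly as given (printf adds no newline).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# ends_with_newline B64: true if the decoded value ends in "\n", the usual
# sign that it was produced with plain `echo value | base64`.
ends_with_newline() {
    last=$(printf '%s' "$1" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# render_secret NAME key=value...: print an Opaque Secret manifest.
render_secret() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
    printf 'type: Opaque\ndata:\n'
    for kv in "$@"; do
        printf '  %s: %s\n' "${kv%%=*}" "$(b64 "${kv#*=}")"
    done
}

# lint_secret FILE: print each key under data: whose value decodes to
# something ending in a newline.
lint_secret() {
    sed -n '/^data:/,$p' "$1" | while IFS=': ' read -r key val; do
        [ -n "$val" ] || continue
        if ends_with_newline "$val"; then echo "$key"; fi
    done
}

manifest=$(mktemp)
render_secret example-secret username=admin 'password=s3cr3t!' > "$manifest"
# One more key, encoded the careless way: echo's newline is now part of it.
printf '  token: %s\n' "$(echo 'abc123' | base64)" >> "$manifest"

cat "$manifest"
echo "keys with a trailing newline: $(lint_secret "$manifest")"
# Base64 is reversible by anyone who can read the manifest:
echo "decoded username: $(b64 admin | base64 --decode)"
rm -f "$manifest"
```

A credential stored with the extra newline typically fails authentication even though the manifest looks correct, so running a check like `lint_secret` before `kubectl apply` catches the problem early.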

Today's Task:-

  • Create a Secret for your Deployment

  • Create a Secret for your Deployment using a file or the command line

  • Update the deployment.yml file to include the Secret

Day 35 of #90daysofDevOps
