Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

·

4 min read

Kubernetes, often lovingly called K8s, can feel like a complex spaceship dashboard. Managing all the settings for your application containers efficiently is crucial. This is where ConfigMaps and Secrets come to the rescue. Let's break these concepts down into bite-sized pieces for beginners.

🗺️ What Are ConfigMaps and Secrets?

ConfigMaps

Think of ConfigMaps as the file cabinet for your spaceship's parts (containers). They store important settings and information neatly, like labelled folders.

What ConfigMaps Do:

  • Store Configuration Data: ConfigMaps save the configuration data your containers need to operate. This can be things like database URLs, API endpoints, or simple text settings.

  • Easy Organization: They help keep your settings organized, making it simple to access and modify them.

  • Works with Any Container: ConfigMaps are versatile and can be used with any containerized application in Kubernetes.

🔐Secrets

Secrets are like a secure vault on your spaceship, where you keep sensitive information safe from prying eyes.

Why Secrets Matter:

  • Security First: Secrets encrypt sensitive data like passwords, API keys, and certificates, making it extremely difficult for unauthorized folks to access.

  • Built-in Encryption: Kubernetes automatically encrypts data stored in Secrets, adding an extra layer of protection.

  • Access Control: You can control who gets access to Secrets, ensuring only authorized containers or users can get their hands on sensitive information.

⌨️Hands-On

Task 1: Creating a ConfigMap

Let's start by creating a ConfigMap and integrating it into a Kubernetes deployment.

Step 1: Create a ConfigMap

  • You can create a ConfigMap using a file or the command line. Here's a simple command-line example:

      kubectl create configmap my-config --from-literal=DATABASE_URL=example.com --from-literal=DEBUG=true -n <namespace-name>
    
  • Create a configMap.yml file using vim / nano and apply it !!

      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: mysql-config
        labels:
          app: todo
      data:
        MYSQL_DB: "todo-db"
    

Step 2: Update Deployment Configuration

  • Now, modify your deployment YAML file to include the ConfigMap. Add an env section under your container spec, referencing the keys such as env variable name , from where it will take the value (configMap) and pass the key and password from the ConfigMap:

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: mysql
        labels:
          app: mysql
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: mysql
        template:
          metadata:
            labels:
              app: mysql
          spec:
            containers:
            - name: mysql
              image: mysql:8
              ports:
              - containerPort: 3306
              env:
              - name: MYSQL_ROOT_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: mysql-secret
                    key: password/
    

Step 3: Apply the Updated Deployment

  • Apply your updated deployment using this command:

    We can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.

    kubectl apply -f deployment.yml --dry-run=client

    kubectl apply -f deployment.yml -n <namespace>

Step 4: Verify the ConfigMap

To ensure your ConfigMap is created correctly, check the status of ConfigMaps in your namespace:

  • To apply it , we can use kubectl apply -f configMap.yml -n <namespace> or

    We can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.

    kubectl apply -f deployment.yml --dry-run=client

      # apply the configMaps
      kubectl get configmaps -n <namespace-name>
    

Task 2: Creating a Secret

Now, let's delve into creating a Secret to securely store sensitive data.

Step 1: Create a Secret

  • You can create a Secret using a file or the command line. Here's a basic command-line example:

      kubectl create secret generic my-secret --from-literal=API_KEY=my-secret-key -n <namespace-name>
    
      apiVersion: v1
      kind: Secret
      metadata:
        name: mysql-secret
      type: Opaque
      data:
        password: dHJhaW53aXRoc2h1YmhhbQ==
    
  • To apply it , we can use kubectl apply -f secret.yml -n <namespace> or

    We can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.

    kubectl apply -f secret.yml --dry-run=client

Step 2: Update Deployment Configuration

  • To use the Secret in your deployment, update your deployment YAML file. Add an env section under your container spec, referencing the Secret's key:

    
              - name: MYSQL_DATABASE
                valueFrom:
                  configMapKeyRef:
                    name: mysql-config
                    key: MYSQL_DB
    
  • Add the above in the deployment.yml and apply it !!

Step 3: Apply the Updated Deployment

  • Apply the updated deployment using the same command as before:

      kubectl apply -f deployment.yml -n <namespace-name>
    
  • Apply your updated deployment using this command:

    We can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.

    kubectl apply -f deployment.yml --dry-run=client

    kubectl apply -f deployment.yml -n <namespace>

Step 4: Verify the Secret

  • To make sure your Secret is created successfully, check the status of Secrets in your namespace:

      kubectl get secrets -n <namespace-name>
    

And there you have it! You've just navigated the basics of ConfigMaps and Secrets in Kubernetes. These tools are your trusty sidekicks for managing settings and safeguarding sensitive information within your Kubernetes applications. So, go ahead, explore Kubernetes with confidence, and keep your spaceship running smoothly! 🚀🔑🛡️

Note: Replace <namespace-name> with the actual namespace where your deployment resides.

And there you have it! You've just navigated the basics of ConfigMaps and Secrets in Kubernetes

Happy Learning :D