Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️
Kubernetes, often lovingly called K8s, can feel like a complex spaceship dashboard. Managing all the settings for your application containers efficiently is crucial. This is where ConfigMaps and Secrets come to the rescue. Let's break these concepts down into bite-sized pieces for beginners.
🗺️ What Are ConfigMaps and Secrets?
ConfigMaps
Think of ConfigMaps as the file cabinet for your spaceship's parts (containers). They store important settings and information neatly, like labelled folders.
What ConfigMaps Do:
Store Configuration Data: ConfigMaps save the configuration data your containers need to operate. This can be things like database URLs, API endpoints, or simple text settings.
Easy Organization: They help keep your settings organized, making it simple to access and modify them.
Works with Any Container: ConfigMaps are versatile and can be used with any containerized application in Kubernetes.
🔐Secrets
Secrets are like a secure vault on your spaceship, where you keep sensitive information safe from prying eyes.
Why Secrets Matter:
Security First: Secrets encrypt sensitive data like passwords, API keys, and certificates, making it extremely difficult for unauthorized folks to access.
Built-in Encryption: Kubernetes automatically encrypts data stored in Secrets, adding an extra layer of protection.
Access Control: You can control who gets access to Secrets, ensuring only authorized containers or users can get their hands on sensitive information.
⌨️Hands-On
Task 1: Creating a ConfigMap
Let's start by creating a ConfigMap and integrating it into a Kubernetes deployment.
Step 1: Create a ConfigMap
You can create a ConfigMap using a file or the command line. Here's a simple command-line example:
kubectl create configmap my-config --from-literal=DATABASE_URL=example.com --from-literal=DEBUG=true -n <namespace-name>
Create a configMap.yml file using vim / nano and apply it !!
apiVersion: v1 kind: ConfigMap metadata: name: mysql-config labels: app: todo data: MYSQL_DB: "todo-db"
Step 2: Update Deployment Configuration
Now, modify your deployment YAML file to include the ConfigMap. Add an
env
section under your container spec, referencing the keys such as env variable name , from where it will take the value (configMap) and pass the key and password from the ConfigMap:apiVersion: apps/v1 kind: Deployment metadata: name: mysql labels: app: mysql spec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - name: mysql image: mysql:8 ports: - containerPort: 3306 env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysql-secret key: password/
Step 3: Apply the Updated Deployment
Apply your updated deployment using this command:
We can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.
kubectl apply -f deployment.yml --dry-run=client
kubectl apply -f deployment.yml -n <namespace>
Step 4: Verify the ConfigMap
To ensure your ConfigMap is created correctly, check the status of ConfigMaps in your namespace:
To apply it , we can use
kubectl apply -f configMap.yml -n <namespace>
orWe can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.
kubectl apply -f deployment.yml --dry-run=client
# apply the configMaps kubectl get configmaps -n <namespace-name>
Task 2: Creating a Secret
Now, let's delve into creating a Secret to securely store sensitive data.
Step 1: Create a Secret
You can create a Secret using a file or the command line. Here's a basic command-line example:
kubectl create secret generic my-secret --from-literal=API_KEY=my-secret-key -n <namespace-name>
apiVersion: v1 kind: Secret metadata: name: mysql-secret type: Opaque data: password: dHJhaW53aXRoc2h1YmhhbQ==
To apply it , we can use
kubectl apply -f secret.yml -n <namespace>
orWe can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.
kubectl apply -f secret.yml --dry-run=client
Step 2: Update Deployment Configuration
To use the Secret in your deployment, update your deployment YAML file. Add an
env
section under your container spec, referencing the Secret's key:- name: MYSQL_DATABASE valueFrom: configMapKeyRef: name: mysql-config key: MYSQL_DB
Add the above in the deployment.yml and apply it !!
Step 3: Apply the Updated Deployment
Apply the updated deployment using the same command as before:
kubectl apply -f deployment.yml -n <namespace-name>
Apply your updated deployment using this command:
We can use dry-run : without actually submitting it, you can preview the object that would be sent to your cluster.
kubectl apply -f deployment.yml --dry-run=client
kubectl apply -f deployment.yml -n <namespace>
Step 4: Verify the Secret
To make sure your Secret is created successfully, check the status of Secrets in your namespace:
kubectl get secrets -n <namespace-name>
And there you have it! You've just navigated the basics of ConfigMaps and Secrets in Kubernetes. These tools are your trusty sidekicks for managing settings and safeguarding sensitive information within your Kubernetes applications. So, go ahead, explore Kubernetes with confidence, and keep your spaceship running smoothly! 🚀🔑🛡️
Note: Replace <namespace-name>
with the actual namespace where your deployment resides.
And there you have it! You've just navigated the basics of ConfigMaps and Secrets in Kubernetes
Happy Learning :D