Table of contents
What are ConfigMaps and Secrets in k8s
ConfigMaps and Secrets in Kubernetes are used to manage and provide configuration data to applications running within a cluster.
ConfigMaps: ConfigMaps is a way to store and manage configuration data in Kubernetes. They allow you to decouple the configuration from the application code, making it easier to manage and update configurations without modifying the application itself. ConfigMaps can store key-value pairs or configuration files and are typically used for non-sensitive data, such as environment variables, command-line arguments, or configuration files needed by your application.
Secrets: Secrets are similar to ConfigMaps, but they are specifically designed for storing sensitive information, such as passwords, API keys, or TLS certificates. Secrets are encoded and stored securely within Kubernetes. They can be used to provide sensitive data to your applications without exposing them directly in the deployment configuration or source code. Secrets can be mounted as files or exposed as environment variables within the application's containers.
Both ConfigMaps and Secrets are created using YAML definitions and can be referenced within your application's deployment configuration. They provide a way to manage and propagate configuration data and sensitive information to your applications consistently across the Kubernetes cluster.
Example:- Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need the information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs). Secrets, on the other hand, are like a safe where you keep important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure!
Task 1:
Create a ConfigMap for your Deployment
Create a ConfigMap for your Deployment using a file or the command line
kind: ConfigMap
apiVersion: v1
metadata:
name: mysql-config
labels:
app: todo-app
namespace: my-todo-app
data:
MYSQL_DB: "todo-db"
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
kubectl apply -f config.yml
- Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
Task 2:
Create a Secret for your Deployment
Create a Secret for your Deployment using a file or the command line
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
namespace: my-todo-app
type: Opaque
data:
password: QXJuYXZkZXZvcHMK
- We can Encode & decode the Base64 key by ourselves.
# To Decode Base64 key
echo "QXJuYXZkZXZvcHMK" | base64 --decode
# To Encode Base64 key
echo "Arnavdevops" | base64
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
kubectl apply -f secret.yml
- Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
Now update the deployment.yml file to include the configMap & Secret
- Now update the deployment.yml file to include the configMap & Secret
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
labels:
app: mysql
namespace: my-todo-app
spec:
replicas: 3
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:8
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-secret
key: password
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: mysql-config
key: MYSQL_DB
- Apply the updated deployment using the command
- verify whether the pods running or not by running the below command
Thank you for reading. I hope you were able to understand and learn something new from my blog.
Happy Learning!
Please follow me on Hashnode and do connect with me on LinkedIn ArnavSingh.