Day 35- 90DaysOfDevOps

Mastering ConfigMaps and Secrets in Kubernetes


Hey Learners! Welcome back. In the previous task, we covered the concept of services, the types of services and how to use the different types with examples. In this task we'll look at ConfigMaps and Secrets. Let's start...

What are ConfigMaps and Secrets in K8s

ConfigMap:- While performing application deployment on the K8s cluster, sometimes we need to change the application configuration file depending on the environment like dev, QA, stage, etc.

Changing the application configuration file means we need to change the source code, commit it, create a new image and then go through the complete deployment process. Hence this configuration should be decoupled from image content to keep containerized applications portable.

This is where the K8s config map comes in handy. It allows us to handle configuration files much more efficiently.

ConfigMaps are useful for storing and sharing non-sensitive, unencrypted configuration information; use Secrets otherwise.

ConfigMaps can be used to store fine-grained information like individual properties, or entire config files.

Secrets:- Use a Secret when you don't want sensitive information such as a database password or API keys kept in a clear text file.

Secrets provide you with a mechanism to use such information safely and reliably, with the following properties.

  • A Secret is a namespaced object, that is, it exists in the context of a namespace.

  • You can access them via a volume or an environment variable from a container running in a pod.

  • A per-secret size limit of 1MB exists.

  • By default, the API server stores secrets as plain text (unencrypted) in etcd, unless encryption at rest is configured.
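The last property is the one with the most security weight: without encryption at rest, anyone who can read etcd or its backups can read every Secret. The script below is an added example, not part of the original post; it generates an EncryptionConfiguration for the API server, and the key name key1 and the default output file name are placeholders chosen here.

```shell
#!/bin/sh
# Added example: generate an EncryptionConfiguration so that Secrets are
# encrypted before the API server writes them to etcd.
# "key1" and the default output path are placeholders for this example.

# 32 random bytes, base64-encoded: the key size the aescbc provider expects.
new_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print the configuration for a given key. "identity" stays last so that
# Secrets already stored unencrypted remain readable until they are rewritten.
encryption_config() {   # usage: encryption_config <base64-key>
    cat <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $1
      - identity: {}
EOF
}

# Write the file readable by its owner only; it contains the encryption key.
write_config() {   # usage: write_config <path>
    ( umask 077 && encryption_config "$(new_key)" > "$1" )
}

write_config "${1:-encryption-config.yaml}"
```

The API server reads this file through its --encryption-provider-config flag. Secrets created before the change stay unencrypted in etcd until they are written again.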

Task 1- Create a ConfigMap for your Deployment. Create a ConfigMap for your Deployment using a file or the command line. Create a configMap.yml file.

ConfigMaps are not intended to act as a replacement for a properties file. ConfigMap can be accessed in the following ways:-

  • As an environment variable

  • As a volume mount

Example:- Create a ".conf" file using the vim sample.conf command, with the content shown below.

This is an example for configuration file

Now create a configmap<CM> using kubectl create configmap <name-for-CM> --from-file <file-name.conf> command.

Now we use this as an environment variable in a ".yml" file. Create it using the vim envar.yml command, as shown below.

apiVersion: v1
kind: Pod
metadata:
  name: envmap
spec:
  containers:
    - name: testcont
      image: ubuntu
      command: ["/bin/sleep", "365d"]
      env:
        - name: MYENVAR 
          valueFrom:
            configMapKeyRef:
              name: testmap
              key: sample.conf

Create the pod using the kubectl apply -f envar.yml command.

Then check whether the environment variable was created by running a command inside the container. Use the kubectl exec -it <pod-name> -- <command> command to do this.

Alternatively, we can use the ConfigMap as a volume mount in a ".yml" file. Create it using the vim mountvar.yml command, as shown below.

apiVersion: v1
kind: Pod
metadata:
  name: mountvarmap
spec:
  containers:
    - name: testcont2
      image: ubuntu
      command: ["/bin/sleep", "365d"]
      volumeMounts:
        - name: testconfmap
          mountPath: "/tmp/config/"
  volumes:
    - name: testconfmap
      configMap:
        name: testmap # must match the name of the ConfigMap created earlier
        items:
          - key: sample.conf
            path: sample.conf

Create the pod using the kubectl apply -f mountvar.yml command.

Then check whether the file is mounted in the specified directory by running a command inside the container. To do this, use kubectl exec -it <pod-name> -- <command>

Hopefully this gives you an idea of how to use a ConfigMap, either as an environment variable or mounted directly as a volume.

Task 2- Create a Secret for your Deployment. Create a secret for your Deployment using a file or the command line. Create a secret.yml file.

Like a ConfigMap, a Secret can be used as environment variables or mounted directly as a volume. Secrets can be stored in or created from a text file or a YAML file.

Example:-

By creating text files. Create two text files named username.txt and passwd.txt.

Create a secret using the kubectl create secret generic mysec --from-file=username.txt --from-file=passwd.txt command, and use the kubectl describe secret mysec command to describe the secret created.

Create one YAML file using the vim secret.yml command, as shown below.

apiVersion: v1
kind: Pod
metadata:
  name: secret
spec:
  containers:
    - name: testcont3
      image: ubuntu
      command: ["/bin/sleep", "365d"]
      volumeMounts:
        - name: testsecret
          mountPath: "/tmp/secret/"
  volumes:
    - name: testsecret
      secret:
        secretName: mysec  # must match the name of the Secret created earlier

Check whether secrets are available or not in the specified directory by executing the container.

Using the YAML configuration file

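Create a secret2.yml file using the vim secret2.yml command. It should look like the file below.

apiVersion: v1
kind: Secret
metadata:
  name: newsec
type: Opaque  # the built-in type name is case-sensitive
data:
  # values under "data" are base64-encoded (an encoding, not encryption)
  username: cm9vdAo=
  passwd: TXlwYXNzd2RAMTIzCg==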


Now create a secret with the YAML configuration file as follows

Now you can use this secret in any Deployment/Pod object configuration file as we created in the secret.yml file above. (Change secretName in file).
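The values under data in secret2.yml are only base64-encoded, so anyone who can read the manifest can recover them, and both values above decode with a trailing newline, which then becomes part of the username and password the application sees. The script below is an added example, not part of the original post; it checks the two values copied from secret2.yml and shows how to encode a value without the newline. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example: inspect the "data" values of a Secret manifest.
# The two encoded values are copied from the secret2.yml shown above.

# Encode a plaintext for a Secret "data" field without a trailing newline.
# printf '%s' is used because plain echo appends "\n" to its output.
encode_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeeds when the decoded value ends with a newline byte (0x0a).
ends_with_newline() {
    last=$(printf '%s' "$1" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Decoded length in bytes. No key is needed to decode: base64 is an
# encoding, not encryption.
decoded_length() {
    printf '%s' "$1" | base64 --decode | wc -c | tr -d ' '
}

# Report on one value without printing the plaintext itself.
audit_value() {   # usage: audit_value <key> <base64-value>
    if ends_with_newline "$2"; then
        echo "$1: $(decoded_length "$2") bytes, ends with newline (re-encode with printf '%s')"
    else
        echo "$1: $(decoded_length "$2") bytes, ok"
    fi
}

audit_value username 'cm9vdAo='
audit_value passwd 'TXlwYXNzd2RAMTIzCg=='
audit_value username_fixed "$(encode_value root)"
```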

This is how we can use ConfigMap and Secret to store the data.

Thank you so much for taking the time to read till the end! Hope you found this blog informative.

Feel free to explore more of my content, and don't hesitate to reach out if you need any assistance from me or have any questions.

Find me on:- Hashnode LinkedIn Github

Happy Learning!