Mastering ConfigMaps and Secrets In K8S for Smooth Deployment | Day35 | 90DaysofDevOps

ConfigMaps: Your File Cabinet of Knowledge 🗄️

ConfigMaps acts as the organized file cabinet of your spaceship. In this metaphor, each piece of information needed by different components is stored neatly in labeled folders represented by key-value pairs. Whether it's database connection strings, API endpoints, or any configuration data, ConfigMaps ensures that each part of your spaceship has easy access to the information it requires.

Let's embark on our first task:

Task 1: ConfigMaps for Smooth Sailing 🚢

1. Create a ConfigMap for your Deployment:

   • You can create a ConfigMap using either a file or the command line. For example, you might have a file named configmap.yaml:

       apiVersion: v1
       kind: ConfigMap
       metadata:
         name: mysql-configmap
       data:
         MYSQL_HOST: mysql
         MYSQL_USER: root
         MYSQL_DATABASE: mydb
     

   • Or, create it via the command line:

       kubectl create configmap my-configmap --from-literal=MYSQL_HOST=mysql --from-literal=MYSQL_USER=root --from-literal=MYSQL_DATABASE=mydb -n <namespace-name>
     

2. Update the deployment.yml file to include the ConfigMap:

   • Modify your deployment.yml to reference the ConfigMap. For example:

       apiVersion: apps/v1
       kind: Deployment
       metadata:
         name: two-tier-app
         labels: 
           app: two-tier-app
       spec:
          replicas: 1
          selector: 
            matchlabels:
              app: two-tier-app 
         template:
           metadata: 
             labels:
               app: two-tier-app 
           spec:
             containers:
             - name: two-tier-app
               image: 'trainwithshubham/flaskapp:latest'
               env:
               - name: MYSQL_DATABASE
                 valueFrom:
                   configMapKeyRef:
                     name: mysql-configmap
                     key: MYSQL_DATABASE
                  ports:
                    - containerPort: 5000
                  imagePullPolicy: Always
     

3. Apply the updated deployment:

   • Execute the following command to apply the changes:

       kubectl apply -f deployment.yml
     

4. Verify ConfigMap creation:

   • Confirm that the ConfigMap has been created by checking the status of ConfigMaps in your Namespace:

       kubectl get configmaps -n <namespace-name>
     

Secrets: Safeguarding Sensitive Information 🔒

In our space odyssey, some information is so crucial that it should be locked away securely. Secrets serve as the fortified safe where you store sensitive data, such as API keys, passwords, or any confidential information.

Task 2: Secrets for Enhanced Security 🛡️

1. Create a Secret for your Deployment:

   • Similar to ConfigMaps, Secrets can be created from a file or the command line. Consider a file named secret.yaml:

       apiVersion: v1
       kind: Secret
       metadata:
         name: mysql-secret
         namespace: mysql
         labels:
           app: mysql
       type: Opaque
       data:
         MYSQL_DATABASE: <base64-encoded-password>
     

   • Alternatively, use the command line:

       kubectl create secret generic my-secret --from-literal=MYSQL_PASSWORD=<base64-encoded-password> -n <namespace-name>
     

2. Update the deployment.yml file to include the Secret:

   • Modify your deployment.yml to reference the Secret. For instance:

       apiVersion: apps/v1
       kind: Deployment
       metadata:
         name: two-tier-app
         labels: 
           app: two-tier-app
       spec:
          replicas: 1
          selector: 
            matchlabels:
              app: two-tier-app 
         template:
           metadata: 
             labels:
               app: two-tier-app 
           spec:
             containers:
              - name: two-tier-app
                image: 'trainwithshubham/flaskapp:latest'
                ports:
                  - containerPort: 5000
                imagePullPolicy: Always
                env:
                  - name: MYSQL_DATABASE
                    valueFrom:
                     configMapKeyRef:
                       name: mysql-configmap
                       key: MYSQL_DATABASE
                  - name: MYSQL_ROOT_PASSWORD
                    valuefrom: 
                      secretKeyRef:
                        name: mysql-secret
                        Key: MYSQL_PASSWORD
     

3. Apply the updated deployment:

   • Apply the changes using the following command:

       kubectl apply -f deployment.yml
     

4. Verify Secret creation:

   • Confirm that the Secret has been created by checking the status of Secrets in your Namespace:

       kubectl get secrets -n <namespace-name>
     

You can find all the configuration files for this project in the git repository: avanishnit08/two-tier-flask-app (github.com)

Conclusion:

In the vast expanse of Kubernetes, ConfigMaps and Secrets act as crucial tools for maintaining order and security within your spaceship. By utilizing them effectively, you ensure that each component receives the necessary information while guarding sensitive data against unauthorized access. May your Kubernetes journey be smooth, and your configurations secure as you navigate the cosmic landscape of container orchestration! 🚀

ConfigMap and Secret are essential tools for managing configuration data and secrets in Kubernetes. They help us keep our deployments consistent, secure, and scalable. By mastering ConfigMap and Secret, we can ensure that our Kubernetes clusters run smoothly and efficiently.

If you want to learn more about ConfigMap and Secret, you can check out these resources:

• Kubernetes Documentation: ConfigMaps

• Kubernetes Documentation: Secrets

• Kubernetes Tutorial: Configure a Pod to Use a ConfigMap

• Kubernetes Tutorial: Distribute Credentials Securely Using Secrets

I hope you enjoyed this blog post on creating ConfigMap and Secret for a two-tier application in Kubernetes. Please leave your feedback or questions in the comments section below.