Kubernetes Configmaps and secrets : Day 19 of 40daysofkubernetes

Introduction

In modern cloud-native applications, managing configuration and sensitive data efficiently and securely is essential. Kubernetes addresses this need with ConfigMaps and Secrets. ConfigMaps store non-confidential configuration data, enabling dynamic updates and easy application portability. Secrets securely manage sensitive information like passwords and tokens. By separating configuration and sensitive data from application code, Kubernetes enhances security, flexibility, and adherence to best practices. Let's understand these concepts better through hands-on examples.

ConfigMaps

ConfigMap is a Kubernetes resource used to store non-confidential data in key-value pairs. It allows you to decouple configuration artifacts from image content to keep containerized applications portable.

Example

1. Create a Pod with an Environment Variable

    apiVersion: v1
    kind: Pod
    metadata:
      name: myapp
      labels:
        name: myapp-pod
    spec:
      containers:
        - name: myapp-container
          image: busybox:1.28
          command: ['sh', '-c', 'echo The app is running! && sleep 3600']
          env:
            - name: FIRSTNAME
              value: "shivam"
   

   The above YAML file (pod.yaml) creates a pod with the BusyBox image. It sets an environment variable FIRSTNAME within the container. Apply this file and execute into the container to check the environment variable:

    kubectl apply -f pod.yaml
    kubectl exec -it myapp -- sh
    echo $FIRSTNAME  # Output will be "shivam"
   

   

2. Create a ConfigMap

   Next, we'll create a ConfigMap to store these values and inject it into the Pod.

    kubectl create configmap app-cm --from-literal=firstname=shivam --from-literal=lastname=gautam
   

   

3. Inject ConfigMap into a Pod

   Now, modify the Pod definition to use the ConfigMap:

    yamlCopy codeapiVersion: v1
    kind: Pod
    metadata:
      name: myapp
      labels:
        name: myapp-pod
    spec:
      containers:
        - name: myapp-container
          image: busybox:1.28
          command: ["sh", "-c", "echo The app is running! && sleep 3600"]
          env:
            - name: FIRSTNAME
              valueFrom:
                configMapKeyRef:
                  name: app-cm
                  key: firstname
   

   Apply this YAML file:

    kubectl apply -f pod.yaml
   

   

   When you describe the Pod, you will see that the FIRSTNAME environment variable is now sourced from the ConfigMap.

   

4. Declarative ConfigMap Creation

   If you have many key-value pairs, creating a ConfigMap from the command line can be cumbersome. Instead, you can create it declaratively using a YAML file. You can generate this file with an imperative command:

    kubectl create configmap app-cm --from-literal=firstname=shivam --from-literal=lastname=gautam --dry-run=client -o yaml > cm.yaml
   

   

   This will generate a cm.yaml file:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: app-cm
    data:
      firstname: shivam
      lastname: gautam
   

   Apply this YAML file:

    kubectl apply -f cm.yaml
   

ConfigMaps can also be used by mounting them as volumes, which we will cover in future posts in this series. You can also learn more about ConfigMaps from the official documentation.

Secret in Kubernetes

Secret is similar to ConfigMap but is used to store confidential data, such as passwords, OAuth tokens, and SSH keys.

For a better understanding, I highly recommend doing some hands-on practice. You can find more detailed information in the official Kubernetes documentation on Secrets.

By using ConfigMaps and Secrets, you can manage configuration and sensitive data efficiently and securely in Kubernetes, making your applications more portable, secure, and easy to manage.

Resources I used