Day 35: Mastering ConfigMaps and Secrets in Kubernetes

Sahil KaushalSahil Kaushal
4 min read

Table of contents

Let’s dive into the details of ConfigMaps and Secrets in Kubernetes.

ConfigMaps

ConfigMaps are used to store non-confidential configuration data in key-value pairs. They allow you to decouple configuration artifacts from image content to keep your containerized applications portable. Here are some key points about ConfigMaps:

  1. Purpose: Store non-sensitive configuration data.

  2. Data Format: Plain text.

  3. Usage: ConfigMaps can be used to inject configuration data into pods as environment variables, command-line arguments, or configuration files.

  4. Creation: You can create a ConfigMap using a YAML file or directly from the command line.

Example of a ConfigMap YAML file:

Step 1: Create a ConfigMap

Using a YAML file.

Create a file named configmap.yaml with the following content:

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
data:
  config1: myValue_1
  config2: myValue_2

To create this ConfigMap, you would use:

kubectl apply -f my-configmap.yaml

You can also create a ConfigMap directly from the command line:

kubectl create configmap my-configmap --from-literal=config1=myValue_1 --from-literal=config2=myValue_2

Step 2: Update the Deployment YAML File

Update your deployment.yml file to include the ConfigMap. Here is an example of how to reference the ConfigMap in your Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: nginx:latest
        envFrom:
        - configMapRef:
            name: my-configmap

Step 3: Apply the Updated Deployment

Apply the updated deployment using the following command:

kubectl apply -f deployment.yml -n <namespace-name>

Replace <namespace-name> with the actual namespace if you are using.

Step 4: Verify the ConfigMap

To verify that the ConfigMap has been created, you can check the status of the ConfigMaps in your namespace:

kubectl get configmaps -n <namespace-name>

This will list all ConfigMaps in the specified namespace, and you should see my-configmap listed.

Secrets

Secrets are similar to ConfigMaps but are designed to store sensitive information, such as passwords, OAuth tokens, and SSH keys. Here are some key points about Secrets:

  1. Purpose: Store sensitive data securely.

  2. Data Format: Base64-encoded.

  3. Usage: Secrets can be used to inject sensitive data into pods as environment variables, command-line arguments, or configuration files.

  4. Creation: You can create a Secret using a YAML file or directly from the command line.

Example of a Secret YAML file:

Step 1: Create a Secret

You can create a Secret using a YAML file or directly from the command line.

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: dGVzdF91c2Vy  # test_user
  password: cGFzc3dvcmQ=  # password

To create this Secret, you would use:

kubectl apply -f my-secret.yaml

Using the command-line.

You can also create a Secret directly from the command line:

kubectl create secret generic my-secret --from-literal=username=test_user --from-literal=password=password

Note: Kubernetes will automatically encode the values in Base64.

Step 2: Update the Deployment YAML File

Update your deployment.yml file to include the Secret. Here is an example of how to reference the Secret in your Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: nginx:latest
        env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password

Step 3: Apply the Updated Deployment

Apply the updated deployment using the following command:

kubectl apply -f deployment.yml -n <namespace-name>

Replace <namespace-name> with the actual namespace if you are using.

Step 4: Verify the Secret

To verify that the Secret has been created, you can check the status of the Secrets in your namespace:

kubectl get secrets -n <namespace-name>

This will list all Secrets in the specified namespace, and you should see my-secret listed.

Key Differences

  1. Data Sensitivity: ConfigMaps are for non-sensitive data, while Secrets are for sensitive data.

  2. Data Encoding: ConfigMaps store data in plain text, whereas Secrets store data in Base64-encoded format.

  3. Security: Secrets provide additional security features, such as encryption at rest and access control.

Use Cases

  • ConfigMaps: Use ConfigMaps for application configuration, such as database connection strings, feature flags, and other non-sensitive settings.

  • Secrets: Use Secrets for sensitive information like passwords, API keys, and certificates.

By using ConfigMaps and Secrets, you can manage your application’s configuration and sensitive data more effectively, keeping your containerized applications secure and portable.

Thank you for reading😉.

0
Subscribe to my newsletter

Read articles from Sahil Kaushal directly inside your inbox. Subscribe to the newsletter, and don't miss out.

kubernetes-configmapkubernetes-secretsTrainWithShubham#90daysofdevopsDevops articlesDevOps JourneyKubernetes

Written by

Sahil Kaushal
Sahil Kaushal