Day 35 of #90daysofdevops
Hey Techies! Welcome to this blog
In this blog, we are going to start with Mastering ConfigMaps and Secrets in Kubernetes
What are ConfigMaps and Secrets in k8s
A ConfigMap is an API object that stores configuration data for other objects. It lets you decouple environment-specific configuration from container images, so moving your applications gets easier.
Kubernetes Secrets contain small amounts of sensitive data, such as passwords, tokens, or keys. This type of information might be put in pod specs or a container image. However, thanks to a Secret, you can keep your confidential data separate from your app code.
You can create a Secret independently of the pod that uses it. This ability reduces the risk of the data being exposed in the process of creating and editing your pods.
Task 1:
Create a ConfigMap for your Deployment
Create a ConfigMap for your Deployment using a file or the command line
apiVersion: v1
kind: ConfigMap
metadata:
name: todo-app
data:
name: django-todo-app
application: todo-app
protocol: TCP
Apply the changes using :
kubectl apply -f configMap.yaml
Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1 kind: Deployment metadata: name: config-todo-app labels: app: todo namespace: todo-app spec: replicas: 2 selector: matchLabels: app: todo template: metadata: labels: app: todo spec: containers: - name: todo image: trainwithshubham/django-todo:latest ports: - containerPort: 8000 env: - name: TODO_APP valueFrom: configMapKeyRef: name: todo-app key: application- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
- Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
The given command displays list of all ConfigMaps in your namespace
kubectl get configmaps -n <namespace-name>
The describe command is used to display the status imformation of all the ConfigMaps in your namespace.
kubectl describe configmap <configmap-name> -n <namespace-name>
This command displays the list of pods:
kubectl get pod -n <namespace-name>
Now, lets go inside one of the pods and see the key-value pair we declared earlier in the ConfigMap.
kubectl -n <namespace-name> -it <pod-name> -- bash
Task 2:
Create a Secret for your Deployment
Create a Secret for your Deployment using a file or the command line
apiVersion: v1 kind: Secret metadata: name: my-secret type: Opaque data: username: YWRtaW4= # base64 encoded value for "admin" password: cGFzc3dvcmQyOTA2 # base64 encoded value for "password123"In this example, we’re creating a Secret called
my-secretwith two keys:usernameandpassword. The values for these keys are base64-encoded, so that the encoded sensitive information can be stored as plain text in a file.Lets apply the changes of
secret.yaml:kubectl apply -f secret.yaml -n <namespace-name>- Update the
deployment.yamlfile to include the Secret
- Update the
apiVersion: apps/v1
kind: Deployment
metadata:
name: config-demo
labels:
app: todo
namespace: todo-app
spec:
replicas: 2
selector:
matchLabels:
app: todo
template:
metadata:
labels:
app: todo
spec:
containers:
- name: todo
image: trainwithshubham/django-todo:latest
ports:
- containerPort: 8000
env:
- name: env_secret
valueFrom:
secretKeyRef:
name: my-secret
key: password
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
- Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
You can use the following command to verify that the Secret has been created :
kubectl get secrets -n <namespace-name>
To view the details of a specific Secret:
kubectl describe secret <secret-name> -n <namespace-name>
To see the key-value pairs of an environment variable in a ConfigMap inside a pod :
kubectl get pod -n <namespace-name>
kubectl exec -it <pod-name> -n <namespace-name> -- bash
That's it! You've just completed the task. 🎉
Thank you so much for taking the time to read till the end! Hope you found this blog informative and helpful.
Feel free to explore more of my content, and don't hesitate to reach out if need any assistance from me or in case of you have any questions.
Happy Learning!
~kritika :)