top of page
Writer's picturevP
Nov 24, 20232 min read

ConfigMaps and Secrets in Kubernetes - Day 55

Hello and welcome back to our #90DaysOfDevOps journey! Today, we'll be exploring the powerful tools of ConfigMaps and Secrets in Kubernetes, essential for managing configuration data and safeguarding sensitive information.


Understanding ConfigMaps

In Kubernetes, a ConfigMap is an API resource that provides a way to inject configuration data into pods. It allows you to decouple configuration artifacts from containerized applications, enhancing portability.


Here's a basic example of a ConfigMap manifest:

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-config
data:
  database_url: "mysql://db.example.com"
  api_key: "supersecretapikey"

This ConfigMap, named my-config, holds key-value pairs representing configuration data.


Managing ConfigMaps in Pods

Once you have a ConfigMap, you can inject its data into a Pod's environment or files.


Injecting ConfigMap Data into Environment Variables

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mycontainer
    image: myimage
    env:
      - name: DATABASE_URL
        valueFrom:
          configMapKeyRef:
            name: my-config
            key: database_url

This Pod configuration injects the DATABASE_URL environment variable with the value from the database_url key in the my-config ConfigMap.


Injecting ConfigMap Data into Files

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mycontainer
    image: myimage
    volumeMounts:
    - name: config-volume
      mountPath: "/etc/config"
  volumes:
  - name: config-volume
    configMap:
      name: my-config

This configuration mounts the my-config ConfigMap as a volume at the path /etc/config in the Pod.


Managing Secrets

While ConfigMaps are great for non-sensitive data, Kubernetes provides another resource called Secrets specifically designed for managing confidential information.


Creating a Secret

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: dXNlcm5hbWU=
  password: cGFzc3dvcmQ=

This Secret, named my-secret, holds base64-encoded username and password values.


Using Secrets in Pods

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mycontainer
    image: myimage
    env:
      - name: DB_USERNAME
        valueFrom:
          secretKeyRef:
            name: my-secret
            key: username
      - name: DB_PASSWORD
        valueFrom:
          secretKeyRef:
            name: my-secret
            key: password

Here, the Pod uses the DB_USERNAME and DB_PASSWORD environment variables sourced from the my-secret Secret.


In Practice: ConfigMaps and Secrets

  1. Create a ConfigMap: Use kubectl apply -f configmap.yaml to create a ConfigMap.

  2. Inject ConfigMap in Pod: Deploy a Pod using kubectl apply -f pod-with-configmap.yaml to see how ConfigMap data is injected.

  3. Create a Secret: Use kubectl apply -f secret.yaml to create a Secret.

  4. Use Secret in Pod: Deploy another Pod using kubectl apply -f pod-with-secret.yaml to observe how Secrets are utilized.

ConfigMaps and Secrets are versatile tools for handling configuration data and sensitive information in Kubernetes. By mastering these resources, you enhance the flexibility and security of your applications.


Thank you for reading!


*** Explore | Share | Grow ***

5 views0 comments

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page