What are ConfigMaps and Secrets in k8s
In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.
Example :- Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs). Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! ๐
Task 1:
Create a ConfigMap for your Deployment
Create a ConfigMap for your Deployment using a file or the command line
- Let's create a config.yml file.
apiVersion: v1
kind: ConfigMap
metadata:
name: my-configmap
labels:
app: django-todo-app
namespace: deploy1
data:
MYSQL_DB: "database_todo"
This YAML file has the
MYSQL_DBwhich we will use in ourdeployment.ymlfile.We have also created a namespace
deploy1for our deployment.
- Before let's create namespace
deploy1using the command:
- Apply the updated deployment using the command:
kubectl apply -f configmap.yml -n <namespace-name>
- Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
kubectl get configmaps -n <namespace-name>
Task 2:
Before we create a secret, we need to create a
base64encoded string of thedatabase passwordthat we will use in ourdeployment.ymlfile.I'm taking the following details as secret key:
following details as secret key:
Password:test123
echo -n 'test123' | base64
- For verifying the secret key, we can use the following command:
echo -n 'dGVzdDEyMw==' | base64 --decode
Create a Secretthat stores thedatabase passwordandmount it as a volumein thedeployment.
apiVersion: v1
kind: Secret
metadata:
name: my-secret
namespace: deploy1
type: Opaque
data:
password: dGVzdDEyMw==
This YAML file has the
passwordwhich we will use in ourdeployment.ymlfile.We have also created a namespace
deploy1for our deployment.
what is the Opaque type?
The opaque type is used to store arbitrary data in secret objects.
Apply the updated deployment using the command:
kubectl apply -f secret.yml -n <namespace-name>
- Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
kubectl get secrets -n <namespace-name>
Task 3:
- Now let's create a
deployment.ymlfile for our deployment in which we add bothconfigmapandsecretin the deployment file.
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-configuration
labels:
app: mysql
namespace: deploy1
spec:
replicas: 2
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql-container
image: mysql:8
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: password
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: my-configmap
key: MYSQL_DB
- In this yaml file, we have added both
configmapandsecretin the deployment file.
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
kubectl get pods -n <namespace>
