What are ConfigMaps and Secrets in K8s?
- In Kubernetes,
ConfigMaps
andSecrets
are used to store configuration data and secrets, respectively. ConfigMaps store configurationdata as key-value pairs
, while Secretsstore sensitive data in an encrypted form
.
Example:
Imagine you're
in charge of a big spaceship (Kubernetes cluster)
with lots of different parts (containers) that need information to function properly.ConfigMaps are like a file cabinet where you
store all the information
each part needs in simple, labeled folders (key-value pairs).Secrets, on the other hand, are like a safe where you keep the important,
sensitive information
that shouldn't be accessible to just anyone (encrypted data).So, using
ConfigMaps and Secrets
, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs towork properly
andkeep sensitive information secure!
Caution:
ConfigMap does not provide secrecy or encryption
. If the data you want to store are confidential
, use a Secret rather than a ConfigMap, or use additional (third party) tools to keep your data private
.
So before starting the task let's do the necessary installation and setup.
- Before Doing the task let's set up the git repository for the same and push the code to the repository.
Steps to follow:
Here we will use AWS for Deployment and Git for version control.
Step-01
: Open your terminal or any other cloud service.
Step-02
: Update and install Docker
on your machine.
sudo apt update
sudo apt install docker.io
Step-03
: Now give Docker permission for the super user of your local machine.
sudo usermod -aG docker $USER && newgrp docker
Step-04
: Now let's install Minikube
.
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
Step-05
: Now let's start Minikube
.
minikube start
- let's connect with docker.
minikube start โ driver=docker
Step-06
: Now let's check the status of Minikube
.
minikube status
Step-07
: Now we will install the Command line instruction for Minikube which is Kubectl
.
- But first, install snap on your machine.
sudo apt install snap
- CLI for Minikube is Kubectl.
sudo snap install kubectl --classic
Step-08
: Now let's check the version of Kubectl
.
kubectl version
Step-09
: Now Clone the repository from GitHub. Github Repo link: github.com/LondheShubham153/django-todo-cic..
git clone https://github.com/LondheShubham153/django-todo-cicd.git
Step-10
: Now let's check the files in the repository.
ls
cd django-todo-cicd
Task 1:
Create a ConfigMap
that stores thedatabase credentials
andmount it as a volume
in thedeployment
.Let's create a config.yml file.
apiVersion: v1
kind: ConfigMap
metadata:
name: my-configmap
labels:
app: django-todo-app
namespace: deploy1
data:
MYSQL_DB: "database_todo"
This YAML file has the
MYSQL_DB
which we will use in ourdeployment.yml
file.We have also created a namespace
deploy1
for our deployment.
- Before let's create namespace
deploy1
using the command:
kubectl create namespace deploy1
- Apply the updated deployment using the command:
kubectl apply -f configmap.yml -n <namespace-name>
- Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
kubectl get configmaps -n <namespace-name>
Task 2:
Before we create a secret, we need to create a
base64
encoded string of thedatabase password
that we will use in ourdeployment.yml
file.I'm taking the following details as secret key:
Password
:test@123
COPY
echo -n 'test@123' | base64
- For verifying the secret key, we can use the following command:
echo -n 'cm9oaXRAOTkzNg==' | base64 --decode
Create a Secret
that stores thedatabase password
andmount it as a volume
in thedeployment
.
apiVersion: v1
kind: Secret
metadata:
name: my-secret
namespace: deploy1
type: Opaque
data:
password: YWRtaW5AMTIz
This YAML file has the
password
which we will use in ourdeployment.yml
file.We have also created a namespace
deploy1
for our deployment.
what is the Opaque type?
The opaque type is used to store arbitrary data in secret objects.
Apply the updated deployment using the command:
kubectl apply -f secret.yml -n <namespace-name>
- Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
kubectl get secrets -n <namespace-name>
Task 3:
- Now let's create a
deployment.yml
file for our deployment in which we add bothconfigmap
andsecret
in the deployment file.
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-configuration
labels:
app: mysql
namespace: deploy1
spec:
replicas: 2
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql-container
image: mysql:8
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: password
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: my-configmap
key: MYSQL_DB
- In this yaml file, we have added both
configmap
andsecret
in the deployment file.
- Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
kubectl get pods -n <namespace>