Mastering ConfigMaps and Secrets in Kubernetes.

Mastering ConfigMaps and Secrets in Kubernetes.

ยท

4 min read

What are ConfigMaps and Secrets in K8s?

  • In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.

Example:

  • Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly.

  • ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labeled folders (key-value pairs).

  • Secrets, on the other hand, are like a safe where you keep the important, sensitive information that shouldn't be accessible to just anyone (encrypted data).

  • So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure!

Caution: ConfigMap does not provide secrecy or encryption. If the data you want to store are confidential, use a Secret rather than a ConfigMap, or use additional (third party) tools to keep your data private.

So before starting the task let's do the necessary installation and setup.

  • Before Doing the task let's set up the git repository for the same and push the code to the repository.

Steps to follow: Here we will use AWS for Deployment and Git for version control.

Step-01: Open your terminal or any other cloud service.

Step-02: Update and install Docker on your machine.

sudo apt update
sudo apt install docker.io

Step-03: Now give Docker permission for the super user of your local machine.

sudo usermod -aG docker $USER && newgrp docker

Step-04: Now let's install Minikube.

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube

Screenshot from 2023-04-17 22-19-41

Step-05: Now let's start Minikube.

minikube start
  • let's connect with docker.
minikube start โ€” driver=docker

Step-06: Now let's check the status of Minikube.

minikube status

Step-07: Now we will install the Command line instruction for Minikube which is Kubectl.

  • But first, install snap on your machine.
sudo apt install snap
  • CLI for Minikube is Kubectl.
sudo snap install kubectl --classic

Step-08: Now let's check the version of Kubectl.

kubectl version

Step-09: Now Clone the repository from GitHub. Github Repo link: github.com/LondheShubham153/django-todo-cic..

git clone https://github.com/LondheShubham153/django-todo-cicd.git

Step-10: Now let's check the files in the repository.

ls
cd django-todo-cicd

Task 1:

  • Create a ConfigMap that stores the database credentials and mount it as a volume in the deployment.

  • Let's create a config.yml file.

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  labels:
    app: django-todo-app
  namespace: deploy1
data:
  MYSQL_DB: "database_todo"
  • This YAML file has the MYSQL_DB which we will use in our deployment.yml file.

  • We have also created a namespace deploy1 for our deployment.

Screenshot from 2023-06-11 13-14-50

  • Before let's create namespace deploy1 using the command:
kubectl create namespace deploy1

Screenshot from 2023-06-11 13-18-36

  • Apply the updated deployment using the command:
kubectl apply -f configmap.yml -n <namespace-name>

Screenshot from 2023-06-11 13-19-21

  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
kubectl get configmaps -n <namespace-name>

Screenshot from 2023-06-11 13-20-27

Task 2:

  • Before we create a secret, we need to create a base64 encoded string of the database password that we will use in our deployment.yml file.

  • I'm taking the following details as secret key:

    Password : test@123

COPY

echo -n 'test@123' | base64
  • For verifying the secret key, we can use the following command:
echo -n 'cm9oaXRAOTkzNg==' | base64 --decode

Screenshot from 2023-06-11 13-17-39

  • Create a Secret that stores the database password and mount it as a volume in the deployment.
apiVersion: v1
kind: Secret
metadata:   
  name: my-secret
  namespace: deploy1
type: Opaque
data:
  password: YWRtaW5AMTIz

Screenshot from 2023-06-11 13-17-02

  • This YAML file has the password which we will use in our deployment.yml file.

  • We have also created a namespace deploy1 for our deployment.

what is the Opaque type?

  • The opaque type is used to store arbitrary data in secret objects.

  • Apply the updated deployment using the command:

kubectl apply -f secret.yml -n <namespace-name>

Screenshot from 2023-06-11 13-19-21

  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
kubectl get secrets -n <namespace-name>

Screenshot from 2023-06-11 13-25-05

Task 3:

  • Now let's create a deployment.yml file for our deployment in which we add both configmap and secret in the deployment file.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: mysql-configuration
   labels:
     app: mysql
   namespace: deploy1 
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: mysql
   template:
     metadata:
       labels:
         app: mysql
     spec:
       containers:
       - name: mysql-container
         image: mysql:8
         ports:
         - containerPort: 3306
         env:
         - name: MYSQL_ROOT_PASSWORD
           valueFrom:
             secretKeyRef:
               name: my-secret
               key: password
         - name: MYSQL_DATABASE
           valueFrom:
             configMapKeyRef:
               name: my-configmap
               key: MYSQL_DB
  • In this yaml file, we have added both configmap and secret in the deployment file.

Screenshot from 2023-06-11 13-34-10

  • Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
kubectl get pods -n <namespace>
ย