#90DaysOfDevOps Challenge - Day 35 - Mastering ConfigMaps and Secrets in Kubernetes

Welcome to Day 35 of the #90DaysOfDevOps challenge. Today, we will delve into the powerful concepts of ConfigMaps and Secrets in Kubernetes. As you progress in your DevOps journey, understanding how to effectively manage configuration data and sensitive information is crucial. Let's explore ConfigMaps and Secrets and learn how to leverage them in your Kubernetes deployments.

What are ConfigMaps and Secrets in Kubernetes?

In Kubernetes, ConfigMaps and Secrets are used to store configuration data and sensitive information, respectively. They provide a convenient way to manage application-specific configurations and ensure the secure handling of sensitive data within your cluster.

ConfigMaps

ConfigMaps store configuration data as key-value pairs or as files. They act as a centralized repository for your application's configurations. Each key-value pair or file in a ConfigMap represents a specific configuration setting that can be accessed by your containers.

Secrets

Secrets are similar to ConfigMaps but are specifically designed to handle sensitive information such as API keys, passwords, and certificates. In a manifest, the values under data are base64-encoded, which is an encoding and not encryption; Kubernetes stores Secrets encrypted in etcd only when encryption at rest is configured for the cluster. Secrets add a layer of security by letting you restrict access to the sensitive data to authorized entities.

Why Use ConfigMaps and Secrets?

By utilizing ConfigMaps and Secrets, you can achieve the following benefits:

1. Centralized Configuration Management: ConfigMaps allow you to store all the necessary configuration data in a single location. This enables easy management and updates of configurations without modifying your application code or container images.

2. Environment Consistency: ConfigMaps ensure that each component or container within your Kubernetes cluster receives the required configuration settings consistently. This promotes uniform behaviour across your application, simplifying troubleshooting and maintenance.

3. Sensitive Data Protection: Secrets keep sensitive information out of application code, container images, and ConfigMaps, and access to them can be restricted to prevent unauthorized reads. When encryption at rest is configured for the cluster, Kubernetes handles the encryption and decryption automatically.

4. Separation of Concerns: ConfigMaps and Secrets enable a clear separation between application configuration and sensitive information. This separation allows different teams or individuals to manage these aspects independently, improving collaboration and security.

You can read more about ConfigMaps & Secrets in the Kubernetes Official Documentation.

Now that we understand the basics, let's dive into today's tasks and learn how to create ConfigMaps and Secrets for your deployments in Kubernetes.

Task 1 - Creating a ConfigMap for Your Deployment

  • Create a configmap.yml file and include the desired configurations.

      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: todo-configmap
        namespace: dev
      data:
        APP_NAME: "Todo App"
        ENVIRONMENT: "Development"
    
  • Run the following command to create the ConfigMap:

      kubectl apply -f configmap.yml -n dev
    

    This will create the ConfigMap named todo-configmap in the dev namespace.

  • Update the deployment.yml file to include the ConfigMap reference. Add the envFrom field under the containers section of the deployment. The updated file should look like this:

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: todo-app
        namespace: dev
        labels:
          app: todo
      spec:
        replicas: 2
        selector:
          matchLabels:
            app: todo
        template:
          metadata:
            labels:
              app: todo
          spec:
            containers:
            - name: todo
              image: estebanmorenoit/my-web-app
              ports:
              - containerPort: 3000
              envFrom:
              - configMapRef:
                  name: todo-configmap
    
  • Apply the updated deployment by running the following command:

      kubectl apply -f deployment.yml -n dev
    

    This will apply the changes to the deployment and create the associated Pods.

  • Check the status of the deployment and ConfigMap by running the following commands:

      kubectl get deployment -n dev
      kubectl get configmap -n dev
    

    This will display the status of the deployment and ConfigMap.

  • Use the describe command to get a detailed view of the ConfigMap:

      kubectl describe configmap todo-configmap -n dev
    

    This will provide detailed information about the ConfigMap, including the data stored within it.

  • Navigate inside the Pod and check the environment variable and the application for detailed status.

      kubectl exec -it <pod-name> -n dev -- sh
    

    Replace <pod-name> with the actual name of the Pod. This will give you access to the Pod's shell.

  • Inside the Pod, check the environment variables by running the following command:

      env
    

    This will display the environment variables, including the ones sourced from the ConfigMap.

    In the output, we can find the two environment variables configured through the ConfigMap: APP_NAME and ENVIRONMENT.

Task 2 - Creating a Secret for Your Deployment

Generate a Secret using a file or the command line.

  • Create a secret.yml file and define the base64-encoded password.

      apiVersion: v1
      kind: Secret
      metadata:
        name: todo-secret
        namespace: dev
      type: Opaque
      data:
        password: <base64-encoded-password>
    

    To fill in the password field in the file above, first generate the base64-encoded form of the password.

  • Run the following command to create the Secret:

      kubectl apply -f secret.yml -n dev
    

    This will create the Secret named todo-secret in the dev namespace.

  • Update the deployment.yml file to include the Secret configuration. Add the env field under the containers section of the deployment.

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: todo-app
        namespace: dev
        labels:
          app: todo
      spec:
        replicas: 2
        selector:
          matchLabels:
            app: todo
        template:
          metadata:
            labels:
              app: todo
          spec:
            containers:
              - name: todo
                image: estebanmorenoit/my-web-app
                ports:
                  - containerPort: 3000
                env:
                  - name: PASSWORD
                    valueFrom:
                      secretKeyRef:
                        name: todo-secret
                        key: password
    
  • Apply the updated deployment by running the following command:

      kubectl apply -f deployment.yml -n dev
    

    This will apply the changes to the deployment and create the associated Pods.

  • Check the status of the deployment and Secret by running the following commands:

      kubectl get deployment -n dev
      kubectl get secret -n dev
    

    This will display the status of the deployment and Secret.

  • Use the describe command to get a detailed view of the Secret:

      kubectl describe secret todo-secret -n dev
    

    This will provide detailed information about the Secret.

  • Check the running Pods by running the following command:

      kubectl get pods -n dev
    

  • Navigate inside a Pod associated with the deployment by running the following command:

      kubectl exec -it <pod-name> -n dev -- sh
    
  • Inside the Pod, view the environment variable by running the following command:

      echo $PASSWORD
    

    This will display the value of the PASSWORD environment variable, which is sourced from the Secret.
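
The base64 step from Task 2, as an added example that is not part of the original post: it encodes a password for the data field of secret.yml without a stray trailing newline, and shows that the stored value decodes back to plaintext with no key. The function names and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example: base64 is a reversible encoding, not encryption. Anyone who
# can read secret.yml, or run
#   kubectl get secret todo-secret -n dev -o jsonpath='{.data.password}'
# can recover the password with `base64 -d`.

# Encode a value for the Secret's data field. printf '%s' is used because
# `echo` appends a newline, which would become part of the stored password.
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a data value back to plaintext (no key is involved).
decode_secret_value() {
    printf '%s' "$1" | base64 -d
}

# Succeed if the decoded value ends in a newline (a common encoding mistake
# that makes the application's password comparison fail).
has_trailing_newline() {
    # The appended "x" stops $(...) from stripping the trailing newline.
    decoded=$(printf '%s' "$1" | base64 -d; printf x)
    decoded=${decoded%x}
    case $decoded in
        *'
') return 0 ;;
        *) return 1 ;;
    esac
}

# Print a secret.yml equivalent to the manifest in Task 2 for one password.
render_secret_manifest() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: todo-secret
  namespace: dev
type: Opaque
data:
  password: $(encode_secret_value "$1")
EOF
}

# Constructed sample value, for illustration only.
render_secret_manifest 'password'
```

Because the manifest holds a recoverable password, treat secret.yml like the password itself and keep it out of version control.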

Congratulations on completing today's tasks. You have now gained valuable insights into working with ConfigMaps and Secrets in Kubernetes. Stay tuned for Day 36 of the #90DaysOfDevOps challenge, where we will explore Persistent Volumes in Your Deployment.
