Mastering ConfigMaps and Secrets In K8S for Smooth Deployment | Day35 | 90DaysofDevOps
ConfigMaps: Your File Cabinet of Knowledge ๐๏ธ
ConfigMaps acts as the organized file cabinet of your spaceship. In this metaphor, each piece of information needed by different components is stored neatly in labeled folders represented by key-value pairs. Whether it's database connection strings, API endpoints, or any configuration data, ConfigMaps ensures that each part of your spaceship has easy access to the information it requires.
Let's embark on our first task:
Task 1: ConfigMaps for Smooth Sailing ๐ข
Create a ConfigMap for your Deployment:
You can create a ConfigMap using either a file or the command line. For example, you might have a file named
configmap.yaml
:apiVersion: v1 kind: ConfigMap metadata: name: mysql-configmap data: MYSQL_HOST: mysql MYSQL_USER: root MYSQL_DATABASE: mydb
Or, create it via the command line:
kubectl create configmap my-configmap --from-literal=MYSQL_HOST=mysql --from-literal=MYSQL_USER=root --from-literal=MYSQL_DATABASE=mydb -n <namespace-name>
Update the deployment.yml file to include the ConfigMap:
Modify your
deployment.yml
to reference the ConfigMap. For example:apiVersion: apps/v1 kind: Deployment metadata: name: two-tier-app labels: app: two-tier-app spec: replicas: 1 selector: matchlabels: app: two-tier-app template: metadata: labels: app: two-tier-app spec: containers: - name: two-tier-app image: 'trainwithshubham/flaskapp:latest' env: - name: MYSQL_DATABASE valueFrom: configMapKeyRef: name: mysql-configmap key: MYSQL_DATABASE ports: - containerPort: 5000 imagePullPolicy: Always
Apply the updated deployment:
Execute the following command to apply the changes:
kubectl apply -f deployment.yml
Verify ConfigMap creation:
Confirm that the ConfigMap has been created by checking the status of ConfigMaps in your Namespace:
kubectl get configmaps -n <namespace-name>
Secrets: Safeguarding Sensitive Information ๐
In our space odyssey, some information is so crucial that it should be locked away securely. Secrets serve as the fortified safe where you store sensitive data, such as API keys, passwords, or any confidential information.
Task 2: Secrets for Enhanced Security ๐ก๏ธ
Create a Secret for your Deployment:
Similar to ConfigMaps, Secrets can be created from a file or the command line. Consider a file named
secret.yaml
:apiVersion: v1 kind: Secret metadata: name: mysql-secret namespace: mysql labels: app: mysql type: Opaque data: MYSQL_DATABASE: <base64-encoded-password>
Alternatively, use the command line:
kubectl create secret generic my-secret --from-literal=MYSQL_PASSWORD=<base64-encoded-password> -n <namespace-name>
Update the deployment.yml file to include the Secret:
Modify your
deployment.yml
to reference the Secret. For instance:apiVersion: apps/v1 kind: Deployment metadata: name: two-tier-app labels: app: two-tier-app spec: replicas: 1 selector: matchlabels: app: two-tier-app template: metadata: labels: app: two-tier-app spec: containers: - name: two-tier-app image: 'trainwithshubham/flaskapp:latest' ports: - containerPort: 5000 imagePullPolicy: Always env: - name: MYSQL_DATABASE valueFrom: configMapKeyRef: name: mysql-configmap key: MYSQL_DATABASE - name: MYSQL_ROOT_PASSWORD valuefrom: secretKeyRef: name: mysql-secret Key: MYSQL_PASSWORD
Apply the updated deployment:
Apply the changes using the following command:
kubectl apply -f deployment.yml
Verify Secret creation:
Confirm that the Secret has been created by checking the status of Secrets in your Namespace:
kubectl get secrets -n <namespace-name>
You can find all the configuration files for this project in the git repository: avanishnit08/two-tier-flask-app (github.com)
Conclusion:
In the vast expanse of Kubernetes, ConfigMaps and Secrets act as crucial tools for maintaining order and security within your spaceship. By utilizing them effectively, you ensure that each component receives the necessary information while guarding sensitive data against unauthorized access. May your Kubernetes journey be smooth, and your configurations secure as you navigate the cosmic landscape of container orchestration! ๐
ConfigMap and Secret are essential tools for managing configuration data and secrets in Kubernetes. They help us keep our deployments consistent, secure, and scalable. By mastering ConfigMap and Secret, we can ensure that our Kubernetes clusters run smoothly and efficiently.
If you want to learn more about ConfigMap and Secret, you can check out these resources:
Kubernetes Documentation: ConfigMaps
Kubernetes Documentation: Secrets
Kubernetes Tutorial: Configure a Pod to Use a ConfigMap
Kubernetes Tutorial: Distribute Credentials Securely Using Secrets
I hope you enjoyed this blog post on creating ConfigMap and Secret for a two-tier application in Kubernetes. Please leave your feedback or questions in the comments section below.