Mastering ConfigMaps and Secrets In K8S for Smooth Deployment | Day35 | 90DaysofDevOps

ยท

4 min read

Mastering ConfigMaps and Secrets In K8S for Smooth Deployment | Day35 | 90DaysofDevOps

ConfigMaps: Your File Cabinet of Knowledge ๐Ÿ—„๏ธ

ConfigMaps acts as the organized file cabinet of your spaceship. In this metaphor, each piece of information needed by different components is stored neatly in labeled folders represented by key-value pairs. Whether it's database connection strings, API endpoints, or any configuration data, ConfigMaps ensures that each part of your spaceship has easy access to the information it requires.

Let's embark on our first task:

Task 1: ConfigMaps for Smooth Sailing ๐Ÿšข

  1. Create a ConfigMap for your Deployment:

    • You can create a ConfigMap using either a file or the command line. For example, you might have a file named configmap.yaml:

        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: mysql-configmap
        data:
          MYSQL_HOST: mysql
          MYSQL_USER: root
          MYSQL_DATABASE: mydb
      
    • Or, create it via the command line:

        kubectl create configmap my-configmap --from-literal=MYSQL_HOST=mysql --from-literal=MYSQL_USER=root --from-literal=MYSQL_DATABASE=mydb -n <namespace-name>
      
  2. Update the deployment.yml file to include the ConfigMap:

    • Modify your deployment.yml to reference the ConfigMap. For example:

        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: two-tier-app
          labels: 
            app: two-tier-app
        spec:
           replicas: 1
           selector: 
             matchlabels:
               app: two-tier-app 
          template:
            metadata: 
              labels:
                app: two-tier-app 
            spec:
              containers:
              - name: two-tier-app
                image: 'trainwithshubham/flaskapp:latest'
                env:
                - name: MYSQL_DATABASE
                  valueFrom:
                    configMapKeyRef:
                      name: mysql-configmap
                      key: MYSQL_DATABASE
                   ports:
                     - containerPort: 5000
                   imagePullPolicy: Always
      
  3. Apply the updated deployment:

    • Execute the following command to apply the changes:

        kubectl apply -f deployment.yml
      
  4. Verify ConfigMap creation:

    • Confirm that the ConfigMap has been created by checking the status of ConfigMaps in your Namespace:

        kubectl get configmaps -n <namespace-name>
      

Secrets: Safeguarding Sensitive Information ๐Ÿ”’

In our space odyssey, some information is so crucial that it should be locked away securely. Secrets serve as the fortified safe where you store sensitive data, such as API keys, passwords, or any confidential information.

Task 2: Secrets for Enhanced Security ๐Ÿ›ก๏ธ

  1. Create a Secret for your Deployment:

    • Similar to ConfigMaps, Secrets can be created from a file or the command line. Consider a file named secret.yaml:

        apiVersion: v1
        kind: Secret
        metadata:
          name: mysql-secret
          namespace: mysql
          labels:
            app: mysql
        type: Opaque
        data:
          MYSQL_DATABASE: <base64-encoded-password>
      
    • Alternatively, use the command line:

        kubectl create secret generic my-secret --from-literal=MYSQL_PASSWORD=<base64-encoded-password> -n <namespace-name>
      
  2. Update the deployment.yml file to include the Secret:

    • Modify your deployment.yml to reference the Secret. For instance:

        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: two-tier-app
          labels: 
            app: two-tier-app
        spec:
           replicas: 1
           selector: 
             matchlabels:
               app: two-tier-app 
          template:
            metadata: 
              labels:
                app: two-tier-app 
            spec:
              containers:
               - name: two-tier-app
                 image: 'trainwithshubham/flaskapp:latest'
                 ports:
                   - containerPort: 5000
                 imagePullPolicy: Always
                 env:
                   - name: MYSQL_DATABASE
                     valueFrom:
                      configMapKeyRef:
                        name: mysql-configmap
                        key: MYSQL_DATABASE
                   - name: MYSQL_ROOT_PASSWORD
                     valuefrom: 
                       secretKeyRef:
                         name: mysql-secret
                         Key: MYSQL_PASSWORD
      
  3. Apply the updated deployment:

    • Apply the changes using the following command:

        kubectl apply -f deployment.yml
      
  4. Verify Secret creation:

    • Confirm that the Secret has been created by checking the status of Secrets in your Namespace:

        kubectl get secrets -n <namespace-name>
      

You can find all the configuration files for this project in the git repository: avanishnit08/two-tier-flask-app (github.com)

Conclusion:

In the vast expanse of Kubernetes, ConfigMaps and Secrets act as crucial tools for maintaining order and security within your spaceship. By utilizing them effectively, you ensure that each component receives the necessary information while guarding sensitive data against unauthorized access. May your Kubernetes journey be smooth, and your configurations secure as you navigate the cosmic landscape of container orchestration! ๐Ÿš€

ConfigMap and Secret are essential tools for managing configuration data and secrets in Kubernetes. They help us keep our deployments consistent, secure, and scalable. By mastering ConfigMap and Secret, we can ensure that our Kubernetes clusters run smoothly and efficiently.

If you want to learn more about ConfigMap and Secret, you can check out these resources:

I hope you enjoyed this blog post on creating ConfigMap and Secret for a two-tier application in Kubernetes. Please leave your feedback or questions in the comments section below.

ย