Day 35- Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

Day 35- Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️

What are ConfigMaps and Secrets in k8s In Kubernetes

ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.

Example :-

  1. Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need the information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labelled folders (key-value pairs).

  2. Secrets, on the other hand, are like a safe where you keep important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! 🚀

Creating a ConfigMap from Command line with a Text file

$ vi config.txt

$ kubectl create ns rjnamespace

$ kubectl create configmap con1 --from-file=config.txt -n rjnamespace

$ kubectl get configmap -n rjnamespace

$ kubectl describe configmap con1 -n rjnamespace

Creating a ConfigMap from Command line with a lateral (key:value)

$ kubectl create configmap con2 --from-literal=data1=var1

This Configmap is not created in any namespace

$ kubectl get configmap

$ kubectl decribe configmap con2

Creating a ConfigMap from the Command line with Manifest file

$ vi manifest.yaml

apiVersion: v1
kind: ConfigMap
metadata:
 name: con3
data:
        key1: value1
        key2: value2

$ kubectl apply -f manifest.yaml -n rjnamespace

$ kubectl describe configmap con3 -n rjnamespace

Now we will use this Configmap con3 in the deployment.yml file

Vi deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: reactdeployment
  namespace: rjnamespace
spec:
  replicas: 2
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: reactdjango
  template:
    metadata:
      name: reactdjango
      labels:
        app: reactdjango
    spec:
      containers:
      - name: reactdjangocontainer
        image: rjthapaa/reactdjango
        ports:
        - containerPort: 8001
        envFrom:
        - configMapRef:
               name: con3

$ kubectl apply -f deployment.yaml

$ kubectl get pods -n rjnamespace -o wide

$ kubectl exec -it <PODID> /bin/bash -n rjnamespace

$ env

Our key value from Configmap con3 is displayed here


Example 2:

vi test.yaml

apiVersion: v1
kind: ConfigMap
metadata:
 name: test.cm
data:
        db-port : "3306"

$ kubectl apply -f test.yaml

A configmap named test.cm will be created

$ kubectl get cm

Now we will use this Configmap test.cm in the deployment.yml file

Vi deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: reactdeployment
spec:
  replicas: 2
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: reactdjango
  template:
    metadata:
      name: reactdjango
      labels:
        app: reactdjango
    spec:
      containers:
      - name: reactdjangocontainer
        image: rjthapaa/reactdjango
        env:
        - name: DBPORT
          valueFrom:
           configMapKeyRef:
            name: test.cm
            key: db-port
        ports:
        - containerPort: 8001

$ kubectl apply -f deployment.yaml

$ kubectl get pods

Entering into the POD

$ kubectl exec -it <POD_ID> /bin/bash

$ env


Using Volume Mount path instead of Env

vi test.yaml

apiVersion: v1
kind: ConfigMap
metadata:
 name: test.cm
data:
        db-port : "3306"

$ kubectl apply -f test.yaml

$ kubectl get cm

Now we will use this Configmap test.cm in the deployment.yml file with volume mounts

vi deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: reactdeployment
spec:
  replicas: 2
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: reactdjango
  template:
    metadata:
      name: reactdjango
      labels:
        app: reactdjango
    spec:
      containers:
      - name: reactdjangocontainer
        image: rjthapaa/reactdjango
        volumeMounts:
        - name: dbvolumes
          mountPath: /opt 
        ports:
        - containerPort: 8001
      volumes:
      - name: dbvolumes
        configMap:
           name: test.cm

$ kubectl apply -f deployment.yaml

$ kubectl get pods

$ kubectl get pods -o wide

Entering into the POD

$ kubectl exec -it <POD_ID> /bin/bash

$ cd /opt

$ cat db-port

port 3306 is printed

Now Let's change the DB-port number from 3306 to 3307 in text.yaml and apply to see the changes

$ vi text.yaml

apiVersion: v1
kind: ConfigMap
metadata:
 name: test.cm
data:
        db-port : "3307"

$ kubectl apply -f text.yaml

configmap named test.cm will be updated with new port number

$ kubectl apply -f deployment.yml

$ kubectl get pods -o wide

$ kubectl exec -it port_ID /bin/bash

volume mountpath directory is set to /opt

$ cd /opt

$ cat dp-port

Output 3307 is displayed


Secrets in Kubernetes

$ kubectl create secret generic secret-file --from-literal=dbport="3306"

$ kubectl edit secret secret-file

$ echo MzMwNg== | base64 --decode

Method 2

Creating a Secret with yaml

Choose a username/password for the secret file and encrypt them using base64, as I did below

Encode
echo -n 'rjthapaa' | base64
echo -n 'mysecretpassword' | base64

decode
echo 'cmp0aGFwYWE=' | base64 --decode
echo 'bXlzZWNyZXRwYXNzd29yZA==' | base64 --decode

copy and paste the encrypted code into the secret.yaml

$ vi secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: cmp0aGFwYWE=
  password: bXlzZWNyZXRwYXNzd29yZA==
$ kubectl create -f secret.yaml
$ kubectl get secret

$ vi deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: reactdeployment
spec:
  replicas: 2
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: reactdjango
  template:
    metadata:
      name: reactdjango
      labels:
        app: reactdjango
    spec:
      containers:
      - name: reactdjangocontainer
        image: rjthapaa/reactdjango
        volumeMounts:
        - name: dbvolumes
          mountPath: /opt
        ports:
        - containerPort: 8001
      volumes:
      - name: dbvolumes
        secret:
          secretName: my-secret
$ kubectl apply -f deployment.yaml
$ kubectl get pods
$ kubectl get pods -o wide

To test the Pod’s accessibility of the volume-mounted secret, you can connect to the container and run read commands in the volume directory.

$ kubectl exec -it PodID /bin/bash
$ cd /opt
$ cat username
$ cat password


Refer https://www.airplane.dev/blog/kubernetes-secrets

CONFIGMAPS & SECRETS

https://linuxhint.com/bash_base64_encode_decode/