What are ConfigMaps and Secrets in k8s In Kubernetes
ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.
Example :-
Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need the information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labelled folders (key-value pairs).
Secrets, on the other hand, are like a safe where you keep important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! 🚀
Creating a ConfigMap from Command line with a Text file
$ vi config.txt
$ kubectl create ns rjnamespace
$ kubectl create configmap con1 --from-file=config.txt -n rjnamespace
$ kubectl get configmap -n rjnamespace
$ kubectl describe configmap con1 -n rjnamespace
Creating a ConfigMap from Command line with a lateral (key:value)
$ kubectl create configmap con2 --from-literal=data1=var1
This Configmap is not created in any namespace
$ kubectl get configmap
$ kubectl decribe configmap con2
Creating a ConfigMap from the Command line with Manifest file
$ vi manifest.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: con3
data:
key1: value1
key2: value2
$ kubectl apply -f manifest.yaml -n rjnamespace
$ kubectl describe configmap con3 -n rjnamespace
Now we will use this Configmap con3 in the deployment.yml file
Vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: reactdeployment
namespace: rjnamespace
spec:
replicas: 2
strategy:
type: Recreate
selector:
matchLabels:
app: reactdjango
template:
metadata:
name: reactdjango
labels:
app: reactdjango
spec:
containers:
- name: reactdjangocontainer
image: rjthapaa/reactdjango
ports:
- containerPort: 8001
envFrom:
- configMapRef:
name: con3
$ kubectl apply -f deployment.yaml
$ kubectl get pods -n rjnamespace -o wide
$ kubectl exec -it <PODID> /bin/bash -n rjnamespace
$ env
Our key value from Configmap con3 is displayed here
Example 2:
vi test.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: test.cm
data:
db-port : "3306"
$ kubectl apply -f test.yaml
A configmap named test.cm will be created
$ kubectl get cm
Now we will use this Configmap test.cm in the deployment.yml file
Vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: reactdeployment
spec:
replicas: 2
strategy:
type: Recreate
selector:
matchLabels:
app: reactdjango
template:
metadata:
name: reactdjango
labels:
app: reactdjango
spec:
containers:
- name: reactdjangocontainer
image: rjthapaa/reactdjango
env:
- name: DBPORT
valueFrom:
configMapKeyRef:
name: test.cm
key: db-port
ports:
- containerPort: 8001
$ kubectl apply -f deployment.yaml
$ kubectl get pods
Entering into the POD
$ kubectl exec -it <POD_ID> /bin/bash
$ env
Using Volume Mount path instead of Env
vi test.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: test.cm
data:
db-port : "3306"
$ kubectl apply -f test.yaml
$ kubectl get cm
Now we will use this Configmap test.cm in the deployment.yml file with volume mounts
vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: reactdeployment
spec:
replicas: 2
strategy:
type: Recreate
selector:
matchLabels:
app: reactdjango
template:
metadata:
name: reactdjango
labels:
app: reactdjango
spec:
containers:
- name: reactdjangocontainer
image: rjthapaa/reactdjango
volumeMounts:
- name: dbvolumes
mountPath: /opt
ports:
- containerPort: 8001
volumes:
- name: dbvolumes
configMap:
name: test.cm
$ kubectl apply -f deployment.yaml
$ kubectl get pods
$ kubectl get pods -o wide
Entering into the POD
$ kubectl exec -it <POD_ID> /bin/bash
$ cd /opt
$ cat db-port
port 3306 is printed
Now Let's change the DB-port number from 3306 to 3307 in text.yaml and apply to see the changes
$ vi text.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: test.cm
data:
db-port : "3307"
$ kubectl apply -f text.yaml
configmap named test.cm will be updated with new port number
$ kubectl apply -f deployment.yml
$ kubectl get pods -o wide
$ kubectl exec -it port_ID /bin/bash
volume mountpath directory is set to /opt
$ cd /opt
$ cat dp-port
Output 3307 is displayed
Secrets in Kubernetes
$ kubectl create secret generic secret-file --from-literal=dbport="3306"
$ kubectl edit secret secret-file
$ echo MzMwNg== | base64 --decode
Method 2
Creating a Secret with yaml
Choose a username/password for the secret file and encrypt them using base64, as I did below
Encode
echo -n 'rjthapaa' | base64
echo -n 'mysecretpassword' | base64
decode
echo 'cmp0aGFwYWE=' | base64 --decode
echo 'bXlzZWNyZXRwYXNzd29yZA==' | base64 --decode
copy and paste the encrypted code into the secret.yaml
$ vi secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
username: cmp0aGFwYWE=
password: bXlzZWNyZXRwYXNzd29yZA==
$ kubectl create -f secret.yaml
$ kubectl get secret
$ vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: reactdeployment
spec:
replicas: 2
strategy:
type: Recreate
selector:
matchLabels:
app: reactdjango
template:
metadata:
name: reactdjango
labels:
app: reactdjango
spec:
containers:
- name: reactdjangocontainer
image: rjthapaa/reactdjango
volumeMounts:
- name: dbvolumes
mountPath: /opt
ports:
- containerPort: 8001
volumes:
- name: dbvolumes
secret:
secretName: my-secret
$ kubectl apply -f deployment.yaml
$ kubectl get pods
$ kubectl get pods -o wide
To test the Pod’s accessibility of the volume-mounted secret, you can connect to the container and run read commands in the volume directory.
$ kubectl exec -it PodID /bin/bash
$ cd /opt
$ cat username
$ cat password
Refer https://www.airplane.dev/blog/kubernetes-secrets