Saikat Mukherjee's blog
Mastering ConfigMaps and Secrets in Kubernetes

Mastering ConfigMaps and Secrets in Kubernetes

#90 Days of DevOps Challenge - Day 35

Saikat Mukherjee's photo
Saikat Mukherjee
·

4 min read

Table of contents

ConfigMaps

A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

A ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.

A ConfigMap is not designed to hold large chunks of data. The data stored in a ConfigMap cannot exceed 1 MiB. If you need to store settings that are larger than this limit, you may want to consider mounting a volume or use a separate database or file service.

There are four different ways that you can use a ConfigMap to configure a container inside a Pod:

  1. Inside a container command and args

  2. Environment variables for a container

  3. Add a file in read-only volume, for the application to read

  4. Write code to run inside the Pod that uses the Kubernetes API to read a ConfigMap

Secrets

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.

Because Secrets can be created independently of the Pods that use them, there is less risk of the Secret (and its data) being exposed during the workflow of creating, viewing, and editing Pods. Kubernetes, and applications that run in your cluster, can also take additional precautions with Secrets, such as avoiding writing secret data to nonvolatile storage.

Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.

There are three main ways for a Pod to use a Secret:

  • As files in a volume mounted on one or more of its containers.

  • As container environment variable.

  • By the kubelet when pulling images for the Pod.

Set Up MySQL Client using ConfigMap & Secrets

Task 1:-

  • Create a ConfigMap for your Deployment using a file or the command line
apiVersion: v1
kind: ConfigMap
metadata:
    name: mine-config
    labels:
      app: django-app
    namespace: my-app
 data:
     MYSQL_DB: "todo-database"

  • Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name>
kubectl apply -f configmap.yml

  • Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
kubectl get configmap -n my-app

Task 2:-

  • Create a Secret for your Deployment using a file or the command line
apiVersion: v1
kind: Secret
metadata:
    name: mine-secret
    namespace: my-app
  type: Opaque
  data:
    password: abcDFEkdshifdbFR

  • We can Encode & decode the Base64 key by ourselves.
# To Decode Base64 key
  echo "abcDFEkdshifdbFR" | base64 --decode

  # To Encode Base64 key
  echo "abc@1234" | base64

  • Now we need to apply the secret using name space
kubectl apply -f secret.yml -n my-app

  • Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
 kubectl get secrets -n my-app

  • Now update the deployment.yml file to include the configMap & Secret
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: mysql
    labels:
      app: mysql
    namespace: my-app
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: mysql
    template:
      metadata:
        labels:
          app: mysql
      spec:
        containers:
        - name: mysql
          image: mysql:8
          ports:
          - containerPort: 3306
          env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mine-secret
                key: password
          - name: MYSQL_DATABASE
            valueFrom:
              configMapKeyRef:
                name: mine-config
                key: MYSQL_DB

  • Now we need to apply the updated deployment using the below command-
  kubectl apply -f deployment.yml -n my-app

  • Need to verify whether the pods running or not by running below command
kubectl get pods -n my-app

  • Now we need t create service file to expose the MySQL use the K8s service
apiVersion: v1
  kind: Service
  metadata:
    name: mysql-service
  spec:
    ports:
    - name: mysql
      port: 3306
    clusterIP: None
    selector:
      app: mysql

  • Now we need to apply the service
kubectl apply -f service.yml

  • Now we need to go to the worker node and install MySQL client
sudo apt install mysql-client-core-8.0

  • Now we go to master node and connect to MySQL using the below command
kubectl exec -it mysql-7f4f9cdb67-lz6mz /bin/sh -n my-app
  • Now connect the mysql using username root and password from Secret
mysql -u root -p${MYSQL_ROOT_PASSWORD}

Devops#devops,#90daysofDevOps

Thank you for reading!! I hope you find this article helpful!!

if any queries or corrections to be done to this blog please let me know.

Happy Learning!!

Saikat Mukherjee

Did you find this article valuable?

Support Saikat Mukherjee's blog by becoming a sponsor. Any amount is appreciated!

DevopsDevops articles#90daysofdevops