Home » Backend Dev » kubernetes » Day 8: Kubernetes – ConfigMaps and Secrets

Day 8: Kubernetes – ConfigMaps and Secrets

Leave a Comment / By /

Introduction to ConfigMaps and Secrets

In Kubernetes, ConfigMaps and Secrets are essential for managing application configuration and sensitive data. They decouple configuration from application code, ensuring flexibility and security in your deployments.

This guide covers the basics of ConfigMaps and Secrets, how to create and use them, and best practices for secure and efficient management.

What is a ConfigMap?

A ConfigMap is an API object used to store non-sensitive configuration data in key-value pairs. Applications can consume this data as environment variables, command-line arguments, or configuration files.

Key Features of ConfigMaps:

  1. Decoupling Configuration: Separate configuration from application code.
  2. Reusability: Share configurations across multiple applications.
  3. Dynamic Updates: Update application configurations without rebuilding the container image.

Creating a ConfigMap

Method 1: Using a YAML File

Create a file named example-configmap.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: example-configmap
  namespace: default
  labels:
    app: my-app
    env: production
  annotations:
    description: Configuration for my application

data:
  APP_NAME: MyApp
  APP_ENV: Production

Apply the ConfigMap:

kubectl apply -f example-configmap.yaml

Method 2: From Literal Values

kubectl create configmap example-configmap \
  --from-literal=APP_NAME=MyApp \
  --from-literal=APP_ENV=Production

Viewing ConfigMap Details

kubectl get configmaps
kubectl describe configmap example-configmap

Using a ConfigMap in a Pod

ConfigMaps can be consumed as environment variables or mounted as files.

Example: Using ConfigMap as Environment Variables

Create a pod specification file example-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: example-container
    image: busybox
    command: ["sh", "-c", "env && sleep 3600"]
    env:
    - name: APP_NAME
      valueFrom:
        configMapKeyRef:
          name: example-configmap
          key: APP_NAME
    - name: APP_ENV
      valueFrom:
        configMapKeyRef:
          name: example-configmap
          key: APP_ENV

Apply the Pod:

kubectl apply -f example-pod.yaml

Check the environment variables:

kubectl exec example-pod -- env

What is a Secret?

A Secret is an API object used to store sensitive information such as passwords, tokens, or keys. Secrets provide a secure way to manage sensitive data without embedding it in application code or container images.

Key Features of Secrets:

  1. Secure Storage: Secrets are encoded in Base64 and stored securely in the cluster.
  2. Controlled Access: Role-Based Access Control (RBAC) ensures restricted access.
  3. Multiple Usage Options: Consume Secrets as environment variables or files.

Creating a Secret

Method 1: Using a YAML File

Create a file named example-secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
  namespace: default

data:
  USERNAME: YWRtaW4=
  PASSWORD: cGFzc3dvcmQ=

Encode data in Base64:

echo -n "admin" | base64
echo -n "password" | base64

Apply the Secret:

kubectl apply -f example-secret.yaml

Method 2: From Literal Values

kubectl create secret generic example-secret \
  --from-literal=USERNAME=admin \
  --from-literal=PASSWORD=password

Viewing Secret Details

kubectl get secrets
kubectl describe secret example-secret

Note: Secret data is displayed in Base64 format.

Using a Secret in a Pod

Secrets can be used as environment variables or mounted as volumes.

Example: Using Secret as Environment Variables

Create a pod specification file example-secret-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: example-secret-pod
spec:
  containers:
  - name: example-container
    image: busybox
    command: ["sh", "-c", "env && sleep 3600"]
    env:
    - name: USERNAME
      valueFrom:
        secretKeyRef:
          name: example-secret
          key: USERNAME
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: example-secret
          key: PASSWORD

Apply the Pod:

kubectl apply -f example-secret-pod.yaml

Verify the environment variables:

kubectl exec example-secret-pod -- env

Best Practices for ConfigMaps and Secrets

  1. Use Namespaces: Organize ConfigMaps and Secrets in namespaces for better isolation.
  2. Enable Encryption: Enable etcd encryption for sensitive data at rest.
  3. RBAC Policies: Apply fine-grained RBAC policies to restrict access.
  4. Avoid Hardcoding: Avoid embedding sensitive data in manifests or code.
  5. Monitor and Rotate: Regularly monitor and rotate sensitive data for security.

Conclusion

Kubernetes ConfigMaps and Secrets are powerful tools for managing application configurations and sensitive data. By understanding their use cases and best practices, you can ensure secure and flexible deployments.

References

*** Your support will help me continue to bring new Content. Love Coding *** ❤️

Feedback and Discussion

Have questions or feedback? Comment below! Let’s build a collaborative learning environment. Check out more articles on Node.js, Express.js, and System Design.

Leave a Comment

Your email address will not be published. Required fields are marked *