Managing Configuration and Secrets in Kubernetes with ConfigMaps and Secrets
ConfigMaps and Secrets in Kubernetes are essential for managing configuration and sensitive data used by applications. Here's an overview of each, their importance, and an industry-level example:
ConfigMaps:
Definition: ConfigMaps are Kubernetes objects that store non-sensitive configuration data in key-value pairs. These can be used to configure applications, provide environment variables, or store configuration files.
Importance: ConfigMaps decouple configuration data from application code, making it easier to manage and update configurations without changing code. This is crucial in dynamic microservices environments where configurations may vary between services.
Industry-level Example:
Scenario: Imagine you work at a global e-commerce platform with multiple microservices. Each microservice requires different configurations, such as API endpoints, database URLs, and service-specific settings.
Usage: You create ConfigMaps for each microservice, specifying its unique configuration settings. When a microservice pod starts, it fetches its corresponding ConfigMap to obtain the required configuration. If a configuration change is needed, you update the ConfigMap without disrupting the running application. This flexibility simplifies configuration management in a complex, evolving platform.
Secrets:
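Definition: Secrets are Kubernetes objects designed to store and manage sensitive information, such as API keys, database passwords, and TLS certificates. Their values are base64 encoded in the manifest. Base64 is an encoding, not encryption, so anyone who can read the Secret object can decode it; the protection comes from restricting who can read Secrets (RBAC) and from enabling encryption at rest for the cluster's data store.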
Importance: Secrets provide a secure way to handle sensitive data by storing it separately from application code. This helps protect sensitive information from exposure and unauthorized access.
Industry-level Example:
Scenario: You're a DevOps engineer at a healthcare company that manages patient data. Security and compliance are paramount. You have a Kubernetes-based system with various microservices that require access to a patient database.
Usage: You create Secrets to store the database credentials securely. Microservice pods access these Secrets for authentication. The separation of Secrets from application code ensures that sensitive patient data remains protected and that access is limited to authorized services only. This is essential in healthcare, where patient data privacy is critical.
In this real-life example, ConfigMaps and Secrets simplify the management of configurations and sensitive data within a dynamic, security-sensitive industry context. They ensure that configurations can be updated without code changes and that sensitive information remains protected from unauthorized access.
Task 1
Create a ConfigMap for your Deployment
Create a ConfigMap for your Deployment using a file or the command line
Create a namespace using this command:
kubectl create namespace django-todo-ns
Update the configMap.yml file
kind: ConfigMap
apiVersion: v1
metadata:
  name: application-demo
  namespace: django-todo-ns
data:
  name: django-demo
  application: django-todo
  protocol: TCP
Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
  name: django-todo-deployment
  namespace: django-todo-ns
  labels:
    app: django-todo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: django-todo
  template:
    metadata:
      labels:
        app: django-todo
    spec:
      containers:
        - name: django-todo
          image: nahid0002/django-todo-app:latest
          ports:
            - containerPort: 8000
          env:
            - name: application
              valueFrom:
                configMapKeyRef:
                  name: application-demo
                  key: application
Apply the ConfigMap and the updated Deployment using these commands:
kubectl apply -f configMap.yml
kubectl apply -f deployment.yml
Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
Use the describe command for a detailed view of the config map
kubectl get configmaps -n django-todo-ns
kubectl describe configmap application-demo -n django-todo-ns
Navigate inside the Pod and check the environment variable and the application for detailed status.
kubectl get pods -n django-todo-ns
Task 2
Create a Secret for your Deployment
Create a Secret for your Deployment using a file or the command line
Create a secret.yml file which includes the base64 encoded password.
apiVersion: v1
kind: Secret
metadata:
  name: django-secret
  namespace: django-todo-ns
type: Opaque
data:
  password: RGV2b3BzRW50aHVzaWFzdAo=
To add the password in the above file you need to generate the base64 encoded password.
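The post does not show the encoding command, so the following is an added example, not the author's code, with hypothetical function names. It encodes a value without a trailing newline and audits a manifest's data block for values that decode with one; the value in the secret.yml above is such a case, which is what a plain `echo` piped to base64 produces.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Encode exactly the bytes given; printf '%s' appends no newline (plain echo does).
encode_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeeds if the base64 value decodes to bytes that end in a newline (0x0a).
has_trailing_newline() {
  [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Read a Secret manifest on stdin and print every key under data: whose value
# decodes with a trailing newline. Assumes simple indented "key: value" lines.
audit_secret_manifest() {
  awk '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && NF==2 {sub(":","",$1); print $1, $2}' |
  while read -r key value; do
    if has_trailing_newline "$value"; then echo "$key"; fi
  done
}

# secret.yml as shown on this page, embedded so the example runs offline.
PAGE_SECRET='apiVersion: v1
kind: Secret
metadata:
  name: django-secret
  namespace: django-todo-ns
type: Opaque
data:
  password: RGV2b3BzRW50aHVzaWFzdAo='

# Keys whose stored value carries a stray newline and should be re-encoded.
printf '%s\n' "$PAGE_SECRET" | audit_secret_manifest   # prints: password

# The same password encoded without the newline.
encode_secret 'DevopsEnthusiast'; echo                  # prints: RGV2b3BzRW50aHVzaWFzdA==
```

An application that compares the injected password byte for byte will fail to authenticate when the stored value carries the extra newline, so run the audit before applying a manifest.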
Apply the Secret to your Kubernetes cluster using the following command:
kubectl apply -f secret.yml -n django-todo-ns
Now, change the deployment.yml file to include the configuration of the secret in the deployment.
Now apply the deployment file and check the status of the deployment and the secret.
kubectl apply -f deployment.yml -n django-todo-ns
Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
kubectl get secret -n django-todo-ns
You can also use the following command to view the details of a specific Secret:
kubectl describe secret django-secret -n django-todo-ns
To see the key-value pairs of an environment variable in a ConfigMap inside a cluster or a pod.
You will have a solid understanding of ConfigMaps and Secrets in Kubernetes, along with hands-on experience in managing and using them effectively. You will be equipped with the knowledge to enhance the configurability and security of your applications running in Kubernetes clusters.