Table of contents
Let’s dive into the details of ConfigMaps and Secrets in Kubernetes.
ConfigMaps
ConfigMaps are used to store non-confidential configuration data in key-value pairs. They allow you to decouple configuration artifacts from image content to keep your containerized applications portable. Here are some key points about ConfigMaps:
Purpose: Store non-sensitive configuration data.
Data Format: Plain text.
Usage: ConfigMaps can be used to inject configuration data into pods as environment variables, command-line arguments, or configuration files.
Creation: You can create a ConfigMap using a YAML file or directly from the command line.
Example of a ConfigMap YAML file:
Step 1: Create a ConfigMap
Using a YAML file.
Create a file named configmap.yaml
with the following content:
apiVersion: v1
kind: ConfigMap
metadata:
name: my-configmap
data:
config1: myValue_1
config2: myValue_2
To create this ConfigMap, you would use:
kubectl apply -f my-configmap.yaml
You can also create a ConfigMap directly from the command line:
kubectl create configmap my-configmap --from-literal=config1=myValue_1 --from-literal=config2=myValue_2
Step 2: Update the Deployment YAML File
Update your deployment.yml
file to include the ConfigMap. Here is an example of how to reference the ConfigMap in your Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 2
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-container
image: nginx:latest
envFrom:
- configMapRef:
name: my-configmap
Step 3: Apply the Updated Deployment
Apply the updated deployment using the following command:
kubectl apply -f deployment.yml -n <namespace-name>
Replace <namespace-name>
with the actual namespace if you are using.
Step 4: Verify the ConfigMap
To verify that the ConfigMap has been created, you can check the status of the ConfigMaps in your namespace:
kubectl get configmaps -n <namespace-name>
This will list all ConfigMaps in the specified namespace, and you should see my-configmap
listed.
Secrets
Secrets are similar to ConfigMaps but are designed to store sensitive information, such as passwords, OAuth tokens, and SSH keys. Here are some key points about Secrets:
Purpose: Store sensitive data securely.
Data Format: Base64-encoded.
Usage: Secrets can be used to inject sensitive data into pods as environment variables, command-line arguments, or configuration files.
Creation: You can create a Secret using a YAML file or directly from the command line.
Example of a Secret YAML file:
Step 1: Create a Secret
You can create a Secret using a YAML file or directly from the command line.
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
username: dGVzdF91c2Vy # test_user
password: cGFzc3dvcmQ= # password
To create this Secret, you would use:
kubectl apply -f my-secret.yaml
Using the command-line.
You can also create a Secret directly from the command line:
kubectl create secret generic my-secret --from-literal=username=test_user --from-literal=password=password
Note: Kubernetes will automatically encode the values in Base64.
Step 2: Update the Deployment YAML File
Update your deployment.yml
file to include the Secret. Here is an example of how to reference the Secret in your Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 2
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-container
image: nginx:latest
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: my-secret
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: password
Step 3: Apply the Updated Deployment
Apply the updated deployment using the following command:
kubectl apply -f deployment.yml -n <namespace-name>
Replace <namespace-name>
with the actual namespace if you are using.
Step 4: Verify the Secret
To verify that the Secret has been created, you can check the status of the Secrets in your namespace:
kubectl get secrets -n <namespace-name>
This will list all Secrets in the specified namespace, and you should see my-secret
listed.
Key Differences
Data Sensitivity: ConfigMaps are for non-sensitive data, while Secrets are for sensitive data.
Data Encoding: ConfigMaps store data in plain text, whereas Secrets store data in Base64-encoded format.
Security: Secrets provide additional security features, such as encryption at rest and access control.
Use Cases
ConfigMaps: Use ConfigMaps for application configuration, such as database connection strings, feature flags, and other non-sensitive settings.
Secrets: Use Secrets for sensitive information like passwords, API keys, and certificates.
By using ConfigMaps and Secrets, you can manage your application’s configuration and sensitive data more effectively, keeping your containerized applications secure and portable.
Thank you for reading😉.