Day 19 of 40DaysofKubernetes : Kubernetes Configmaps and Secrets

Day 19 of 40DaysofKubernetes : Kubernetes Configmaps and Secrets

Kubernetes is a powerful orchestration platform that helps manage containerized applications at scale. Two essential resources in Kubernetes for managing configuration data are ConfigMaps and Secrets. Both play a crucial role in configuring and securing your applications.

Why Use ConfigMaps?

ConfigMaps are used to store configuration data in key-value pairs. They help separate configuration data from the container image, allowing you to manage configurations independently from your application code. This separation provides several benefits:

  1. Flexibility: You can change the configuration without rebuilding the container image.

  2. Reusability: The same configuration can be reused across different environments (e.g., development, staging, production).

  3. Scalability: Configuration changes can be rolled out without downtime or redeployment of the entire application.

The Need for ConfigMaps and Secrets in Kubernetes

Both ConfigMaps and Secrets are crucial for Kubernetes applications:

  • ConfigMaps: Used for storing non-confidential data such as configuration files, command-line arguments, and environment variables.

  • Secrets: Used for storing sensitive information like passwords, OAuth tokens, and SSH keys. Secrets are encoded in base64 to provide an additional layer of security.

Differences Between ConfigMaps and Secrets

While ConfigMaps and Secrets are similar in many ways, they serve different purposes and have key differences:

AspectConfigMapSecret
Data TypeNon-confidential configuration dataSensitive data (e.g., passwords, tokens)
EncodingPlain textBase64 encoded
Access ControlNo additional security layersEncrypted at rest and in transit
Use CasesApplication settings, configuration filesCredentials, API keys, certificates

Creating a ConfigMap

There are several ways to create a ConfigMap in Kubernetes:

1. From a Literal Value

kubectl create configmap example-config --from-literal=key1=value1 --from-literal=key2=value2

2. From a File

kubectl create configmap example-config --from-file=config-file.properties

3. From a Directory

kubectl create configmap example-config --from-file=config-dir/

4. Using a YAML Manifest

apiVersion: v1
kind: ConfigMap
metadata:
  name: example-config
data:
  key1: value1
  key2: value2

Apply the YAML file:

kubectl apply -f configmap.yaml

Injecting ConfigMap into a Pod

To inject a ConfigMap into a Pod, you can use environment variables or volumes.

Using Environment Variables

You can inject ConfigMap data as environment variables into a container.

Single Environment Variable

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: mycontainer
    image: busybox
    env:
    - name: KEY1
      valueFrom:
        configMapKeyRef:
          name: example-config
          key: key1

Multiple Environment Variables

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: mycontainer
    image: busybox
    envFrom:
    - configMapRef:
        name: example-config

Using Volumes

You can mount ConfigMap data as files inside the container.

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: mycontainer
    image: busybox
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: example-config

In this example, the ConfigMap data will be available in the /etc/config directory inside the container.

Different Ways to Reference ConfigMap Data into the Pod

There are several methods to reference ConfigMap data within a pod:

  1. Using env to Define Single Environment Variables: Referencing individual keys in the ConfigMap.

  2. Using envFrom to Define All ConfigMap Data as Environment Variables: Referencing the entire ConfigMap to inject all key-value pairs as environment variables.

  3. Using Volumes: Mounting ConfigMap data as files or directories within the container.

Example Using envFrom

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: mycontainer
    image: busybox
    envFrom:
    - configMapRef:
        name: example-config

Example Using Volumes

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: mycontainer
    image: busybox
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: example-config

In this setup, the ConfigMap data will be available in the /etc/config directory inside the container.

Conclusion

ConfigMaps and Secrets are fundamental components in Kubernetes for managing configuration and sensitive data. They provide a flexible and secure way to handle application settings and credentials. By separating configuration data from container images, ConfigMaps and Secrets help maintain a clean and scalable deployment workflow. Understanding how to create, manage, and inject these resources into your applications is essential for any Kubernetes practitioner.

Reference

Video

Documentation