Mastering ConfigMaps and Secrets in Kubernetes🔒🔑🛡️


What are ConfigMaps and Secrets in k8s?

In Kubernetes, ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.

  • Example: Imagine you're in charge of a big spaceship (Kubernetes cluster) with lots of different parts (containers) that need information to function properly. ConfigMaps are like a file cabinet where you store all the information each part needs in simple, labelled folders (key-value pairs). Secrets, on the other hand, are like a safe where you keep important, sensitive information that shouldn't be accessible to just anyone (encrypted data). So, using ConfigMaps and Secrets, you can ensure each part of your spaceship (Kubernetes cluster) has the information it needs to work properly and keep sensitive information secure! 🚀

ConfigMap

A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments or configuration files in a volume.

Secrets

Secrets are similar to ConfigMaps but used to store confidential data such as passwords, tokens and certificates. Secrets must be stored in an encrypted format and decrypted only by the consuming pod at runtime.

Task 01

  • Create a ConfigMap for your Deployment.

    Create a ConfigMap for your Deployment using a file or the command line

    Update the deployment.yml file to include the ConfigMap.

    Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name> .

    Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.

ConfigMap for deployment using environmental variables:

Step 1: Create a configMap file for your deployment.

Step 2: Apply the configMap file using kubectl apply -f <config_file> -n <namespace> . We can view this configMap using kubectl get configmap -n <namespace>

Step 3: Update the deployment.yaml file with environment variables and apply it using kubectl apply -f <deployment_file> -n <namespace> . We can view the deployments by using kubectl get deployments -n <namespace>

Step 4: Check all running pods using kubectl get pods -n <namespace> . Go inside the running pod and check the environment variable by using kubectl exec -it <deployment_pod> -n <namespace> -- /bin/bash

ConfigMap for deployments using volumes:

Similarly, we can follow the above configMap steps for our deployment and make updates by adding volumes in the deployment file. We can apply the deployments in the same manner and obtain the desired outcome.

Task 02

  • Create a Secret for your Deployment.

    Create a Secret for your Deployment using a file or the command line.

    Update the deployment.yml file to include the Secret.

    Apply the updated deployment using the command: kubectl apply -f deployment.yml -n <namespace-name> .

    Verify that the Secret has been created by checking the status of the Secrets in your Namespace.

Step 1: First, convert the confidential data into an encrypted format using base64, as shown below.

Step 2: Create a secret file for our deployment by using vim editor and apply this file using kubectl apply -f secret.yaml -n <namespace>. We can check the secret file by kubectl get secrets -n <namespace> command.

Step 3: Update the deployment.yaml file with environmental variables having secret-file reference and apply the file by using kubectl apply -f deployment.yaml -n <namespace>

Step 4: Even if we try to view this confidential data, it is not visible because of the encryption. This proves our confidential data is securely applied.

Now the question arises: even though the data is secured, what if we need to retrieve it because we forgot the credentials? In that case, we can use volumes to store them.

[Note: Make sure to use volumes rather than environmental variables for secretly storing confidential data because it is more convenient.]
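
An added example (not from the original post) that runs Steps 1, 2 and 4 offline in a shell: it base64-encodes a value, builds the Secret manifest, and reads the value back out of it. base64 is a keyless encoding, so the read-back works for anyone who can read the Secret object. The names db-credentials and DB_PASSWORD and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example; db-credentials, DB_PASSWORD and the sample value are constructed.

# Step 1: encode a value for the Secret's data field.
# printf avoids the trailing newline that echo would add to the credential.
encode_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Reverse the encoding. No key is involved.
decode_value() {
    printf '%s' "$1" | base64 -d
}

# Step 2: emit a Secret manifest holding one key/value pair.
secret_manifest() {
    name=$1; key=$2; value=$3
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  $key: $(encode_value "$value")
EOF
}

# Step 4 check: read a manifest on stdin, extract the encoded value
# stored under the given key, and decode it.
recover_from_manifest() {
    key=$1
    encoded=$(sed -n "s/^  $key: //p")
    decode_value "$encoded"
}

# Print the manifest, then show the value recovered from it.
secret_manifest db-credentials DB_PASSWORD 'example-password'
secret_manifest db-credentials DB_PASSWORD 'example-password' \
    | recover_from_manifest DB_PASSWORD
echo
```

Against a live cluster the equivalent read-back is kubectl get secret <name> -n <namespace> -o jsonpath='{.data.<key>}' | base64 -d, so who can read a Secret is decided by RBAC and by encryption at rest on the API server, not by the encoding.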

Happy to share this knowledge.


Thanks for reading my blog and hope this will help you.

Keep learning and stay happy.

Peace out!!