Udoh Deborah

Posted on Aug 25

Day 35: Mastering ConfigMaps and Secrets in Kubernetes

#kubernetes #devops #linux #pods

ConfigMaps And Secrets

What are ConfigMaps and Secrets?

ConfigMap: Stores non-sensitive configuration data as key-value pairs. A ConfigMap is ideal for storing non-confidential data, like an application's title or an API endpoint URL. You can create it from a file or directly from the command line.
Secret: Stores sensitive data (like passwords, API keys) in Base64-encoded form. You can create a Secret from the command line, which automatically handles the base64 encoding.

Think of them as:

ConfigMap = a public folder
Secret = a locked safe

Task 1: Create a ConfigMap for your Deployment

1. Create ConfigMap (YAML example)

Create a file called configmap.yml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: todo-config
  namespace: my-namespace
data:
  APP_ENV: "production"
  APP_DEBUG: "false"
  TODO_API_URL: "http://todo-service"

2. Apply it:

kubectl apply -f configmap.yml -n my-namespace

3. Verify:

kubectl get configmaps -n my-namespace
kubectl describe configmap todo-config -n my-namespace

4. Update your Deployment to use ConfigMap

In your deployment.yml, under containers.env, reference the ConfigMap:

env:
  - name: APP_ENV
    valueFrom:
      configMapKeyRef:
        name: todo-config
        key: APP_ENV
  - name: APP_DEBUG
    valueFrom:
      configMapKeyRef:
        name: todo-config
        key: APP_DEBUG

Task 2: Create a Secret for your Deployment

1. Create Secret (YAML example)

Create a file secret.yml:

apiVersion: v1
kind: Secret
metadata:
  name: todo-secret
  namespace: my-namespace
type: Opaque
data:
  DB_USER: dXNlcg==          # base64 encoded "user"
  DB_PASSWORD: cGFzc3dvcmQ=  # base64 encoded "password"

Encode strings with:

echo -n 'user' | base64
echo -n 'password' | base64

2. Apply it:

kubectl apply -f secret.yml -n my-namespace

3. Verify:

kubectl get secrets -n my-namespace
kubectl describe secret todo-secret -n my-namespace

4. Update your Deployment to use Secret

In your deployment.yml:

env:
  - name: DB_USER
    valueFrom:
      secretKeyRef:
        name: todo-secret
        key: DB_USER
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: todo-secret
        key: DB_PASSWORD

By the end of Day 35:

We have a ConfigMap providing environment configuration.
We have a Secret storing sensitive credentials.
Deploying seamlessly.

DEV Community

Day 35: Mastering ConfigMaps and Secrets in Kubernetes

ConfigMaps And Secrets

What are ConfigMaps and Secrets?

Think of them as:

Task 1: Create a ConfigMap for your Deployment

1. Create ConfigMap (YAML example)

2. Apply it:

3. Verify:

4. Update your Deployment to use ConfigMap

Task 2: Create a Secret for your Deployment

1. Create Secret (YAML example)

2. Apply it:

3. Verify:

4. Update your Deployment to use Secret

By the end of Day 35:

Top comments (0)