Kubernetes ConfigMaps and Secrets

In this blog, we will explore how we can use the the configuration data like database details using Config Maps and Secrets.

Application ( Container Image) -> Deploy it on the Dev -> INT -> Prod

Image for post
Image for post

There is no change from the application, application remains the same in all the environments. The only thing which will change is the database details. So we need to make our application code in such a way that we can provide the environment specific data separately.

Kubernetes provides to associate environment-specific data with our application containers without changing our container image.

Config Map

  • Used to define application-related data
kubectl create configmap --help
Image for post
Image for post

Command to create configmap

kubectl create configmap <map-name> <data-source>

Creating a ConfigMap from Literal Values

kubectl create configmap map1 --from-literal=test-url=https://www.devops4solutions.comkubectl get cm
kubectl get cm map1 -o yaml
Image for post
Image for post

Now we will create a POD and inject this field

kind: Pod
apiVersion: v1
metadata:
name: pod-config-map
spec:
containers:
- name: container-1
image: busybox
command: ["/bin/sh","-c","env"]
envFrom:
- configMapRef:
name: map1

Create a POD

kubectl create -f pod-configMap.yaml
kubectl logs -f pod-config-map
Image for post
Image for post

Now if we want to change the name

kind: Pod
apiVersion: v1
metadata:
name: pod-config-map-2
spec:
containers:
- name: container-1
image: busybox
command: ["/bin/sh","-c","env"]
env:
- name: new-name
valueFrom:
configMapKeyRef:
name: map1
key: test-url

Run the below command

kubectl create -f pod-configMap-2.yaml
kubectl logs -f pod-config-map-2
Image for post
Image for post

Defining a ConfigMap from a File and Loading It onto a Pod

Let’s create a file application.properties with the below content

database_port=3743
database_user=admin

Create a configMap

kubectl create configmap file-map --from-file=application.properties
kubectl get cm
Image for post
Image for post

You can see both configMaps are showing Data as 1 but in our file we have defined two keys

Note that the name of the file, application.properties, becomes the key under the data section, and the entire file payload is the value of the key.

Image for post
Image for post

Now we will mount this config in a pod using volumes

kind: Pod
apiVersion: v1
metadata:
name: config-map-mount
spec:
containers:
- name: container-1
image: busybox
command: ["/bin/sh","-c","ls /etc/config/"]
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: file-map
restartPolicy: Never

volumeMounts: Kubernetes mount the volume in /etc/config folder inside a container

volumes: defining the volume and providing the configMap name.

NOTE:

The name field under the volume and volumeMounts sections has to be the same so that Kubernetes can identify which volume is associated with which volumeMounts.

Run

kubectl create -f pod-configMap-mount.yaml
kubectl logs -f config-map-mount
Image for post
Image for post

Secrets

Secrets are used to store the sensitive information like database passwords

kubectl create secret generic secret1 --from-literal=password=test123
kubectl get secret secret1 -o yaml
Image for post
Image for post

Now to use this secret you can define in your yaml configuration as shown below:

envFrom:
- secretRef:
name: secret1

Written by

Devops Automation Enginneer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store