This is the #90DaysofDevops challenge under the guidance of Shubham Londhe sir.
Introduction:
- Congratulations on reaching Day 35 of your 90daysofdevops challenge! Yesterday, we delved into Namespaces and Services, laying the groundwork for today's topic: ConfigMaps and Secrets in Kubernetes. Let's explore how these components safeguard your cluster's configuration data and sensitive information.
What are ConfigMaps and Secrets in k8s
In Kubernetes, ConfigMaps and Secrets manage configuration data and sensitive information, respectively. ConfigMaps hold non-sensitive configuration data as key-value pairs. Secrets hold sensitive values such as passwords and keys; their values are base64-encoded, which is an encoding rather than encryption, and they are encrypted in etcd only if encryption at rest is configured for the cluster.
Imagine your Kubernetes cluster as a vast spaceship comprising numerous containers, each requiring specific information to operate efficiently. ConfigMaps serve as organized file cabinets, housing the necessary data for each component in labeled folders (key-value pairs). Meanwhile, Secrets act as vaults for critical, sensitive details, kept from unauthorized entities by access controls (RBAC) and, where configured, encryption at rest. By using ConfigMaps and Secrets, you keep configuration out of container images and limit who can read sensitive data.
Task 1:
Creating a ConfigMap for Your Deployment
Generate a ConfigMap for your Deployment either through a file or command-line interface.
Let's create a config.yml file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  labels:
    app: django-todo-app
  namespace: deploy1
data:
  MYSQL_DB: "database_todo"
This ConfigMap holds a single key, MYSQL_DB, whose value database_todo is the name of the database.
We'll use this information in another file called deployment.yml.
We've also made a namespace called deploy1 for our deployment.
kubectl create namespace deploy1
Apply the ConfigMap using the command:
kubectl apply -f config.yml
Confirm the creation of the ConfigMap by reviewing the status of ConfigMaps within your Namespace.
kubectl get configmaps -n <namespace-name>
Task 2:
Creating a Secret for Your Deployment
Before we create a secret, we'll encode the database password "test123" into a base64 string. Here's how:
echo -n 'test123' | base64
To verify the encoded value, decode it again:
echo -n 'dGVzdDEyMw==' | base64 --decode
Next, we create a Secret to store the database password and reference it from the deployment (Task 3 injects it as an environment variable). Here's the YAML configuration, saved as secret.yml:
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: deploy1
type: Opaque
data:
  password: dGVzdDEyMw==
The "Opaque" type in Kubernetes is used to store arbitrary data in secret objects.
Apply the Secret using the command:
kubectl apply -f secret.yml -n <namespace-name>
To confirm the Secret creation, check the status of the Secrets in your Namespace:
kubectl get secrets -n <namespace-name>
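The base64 step in Task 2 is an encoding, not encryption, so a Secret manifest with inline data exposes the password to anyone who can read the file. The following added example (not part of the original post) decodes the manifest from this page and provides a check that can gate commits or CI. The function names are hypothetical and the parser assumes simple block-style YAML.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Constructed sample: the Secret manifest shown on this page.
SAMPLE_MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: deploy1
type: Opaque
data:
  password: dGVzdDEyMw=='

# Read YAML manifests on stdin; print "key<TAB>base64-value" for every entry
# in the top-level data: block of each kind: Secret document.
secret_data_entries() {
  awk '
    function flush_doc(   i) {
      if (is_secret) for (i = 1; i <= n; i++) print entries[i]
      is_secret = 0; n = 0; in_data = 0
    }
    /^---/ { flush_doc(); next }                          # document separator
    /^kind:[ \t]*Secret[ \t]*$/ { is_secret = 1 }
    /^[^ \t#]/ { in_data = ($0 ~ /^data:[ \t]*$/); next } # any top-level key
    in_data && /^[ \t]+[^ \t#]/ {
      line = $0; sub(/^[ \t]+/, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
      entries[++n] = key "\t" val
    }
    END { flush_doc() }
  '
}

# Decode every entry: reading the manifest is enough to recover the plaintext.
decode_secret_manifest() {
  secret_data_entries | while IFS="$(printf '\t')" read -r key value; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 --decode)"
  done
}

# Succeed when stdin contains inline Secret data (use as a commit or CI gate).
has_inline_secret_data() {
  [ -n "$(secret_data_entries)" ]
}

printf '%s\n' "$SAMPLE_MANIFEST" | decode_secret_manifest   # password=test123
```

A manifest that fails this check should stay out of version control unless it is sealed or encrypted by a dedicated tool; ConfigMap manifests pass because only kind: Secret documents are inspected.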
Task 3:
Now, let's create a deployment.yml file for our deployment. This file includes both a ConfigMap and a Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-configuration
  labels:
    app: mysql
  namespace: deploy1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql-container
        image: mysql:8
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: my-configmap
              key: MYSQL_DB
This YAML file integrates both the ConfigMap and Secret into the deployment settings.
Apply the updated deployment using the command:
kubectl apply -f deployment.yml -n <namespace-name>
To check the pods in the namespace, use:
kubectl get pods -n <namespace>
Conclusion:
ConfigMaps and Secrets are indispensable components in Kubernetes, facilitating the management of configuration data and sensitive information within your cluster. By mastering their utilization, you fortify your cluster's integrity and ensure the secure handling of critical data. Embrace these practices as you continue your journey toward mastering DevOps in Kubernetes.