In this lesson, we will explore how to manage application configuration and sensitive information in Kubernetes using ConfigMaps and Secrets. Both of these resources allow you to decouple configuration artifacts from image content to keep your applications portable.
ConfigMaps are used to store non-sensitive configuration data in key-value pairs. They can be used to configure your application without altering the container image.
You can create a ConfigMap from literal values, files, or directories. Here’s how to create a ConfigMap from literal values:
```bash
kubectl create configmap my-config --from-literal=APP_ENV=production --from-literal=APP_DEBUG=false
```
You can mount a ConfigMap as a volume or use it as environment variables in your Pods. Here’s an example of how to use a ConfigMap as environment variables:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: APP_ENV
          valueFrom:
            configMapKeyRef:
              name: my-config
              key: APP_ENV
        - name: APP_DEBUG
          valueFrom:
            configMapKeyRef:
              name: my-config
              key: APP_DEBUG
```
To view the created ConfigMap, you can use the following command:
```bash
kubectl get configmaps my-config -o yaml
```
Secrets are similar to ConfigMaps but are specifically intended to hold sensitive information, such as passwords, OAuth tokens, and SSH keys. Secret values are base64-encoded, which is an encoding and not encryption, and Secrets can be used in a similar way to ConfigMaps.
You can create a Secret from literal values as well:
```bash
kubectl create secret generic my-secret --from-literal=DB_PASSWORD=mysecretpassword
```
You can also use Secrets as environment variables or mount them as files in your Pods. Here’s an example of using a Secret as an environment variable:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: DB_PASSWORD
```
To view the created Secret, you can use the following command:
```bash
kubectl get secrets my-secret -o yaml
```
Note: Secret values are base64-encoded, so you will need to decode them to see the original values. Anyone with read access to the Secret can do the same.
Best Practice: Always use Secrets for sensitive information to avoid exposing them in your application code or ConfigMaps.
Common Mistake: Hardcoding sensitive data in your application code. Use environment variables or configuration files instead.
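The note and best practice above can be checked mechanically. The following is an added example, not part of the original lesson: it flags ConfigMap entries that look like credentials and shows that a Secret's base64 data decodes trivially. The function names, the key-name pattern, and the sample manifests (constructed from this lesson's values in the shape of `kubectl get ... -o json` output) are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Added example: the names and this heuristic pattern are illustrative assumptions.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)


def audit_configmap(manifest):
    """Return findings for ConfigMap entries that look like credentials."""
    if manifest.get("kind") != "ConfigMap":
        return []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    for key, value in (manifest.get("data") or {}).items():
        if SENSITIVE_KEY.search(key):
            findings.append(f"{name}/{key}: key name suggests a credential")
        try:
            # scheme://user:password@host carries a password in plain text.
            if "://" in value and urlsplit(value).password:
                findings.append(f"{name}/{key}: URL embeds a password")
        except ValueError:  # malformed URL: nothing to report
            pass
    return findings


def decode_secret(manifest):
    """Decode a Secret's .data; anyone who can read the object can do this."""
    return {k: base64.b64decode(v).decode("utf-8", "replace")
            for k, v in (manifest.get("data") or {}).items()}


# Constructed samples in the shape of `kubectl get ... -o json` output.
MY_CONFIG = {"kind": "ConfigMap", "metadata": {"name": "my-config"},
             "data": {"APP_ENV": "production", "APP_DEBUG": "false"}}
APP_CONFIG = {"kind": "ConfigMap", "metadata": {"name": "app-config"},
              "data": {"DATABASE_URL": "postgres://user:password@localhost:5432/mydb",
                       "CACHE_SIZE": "512"}}
MY_SECRET = {"kind": "Secret", "metadata": {"name": "my-secret"},
             "data": {"DB_PASSWORD": "bXlzZWNyZXRwYXNzd29yZA=="}}

if __name__ == "__main__":
    for cm in (MY_CONFIG, APP_CONFIG):
        print(cm["metadata"]["name"], audit_configmap(cm) or "no findings")
    print(decode_secret(MY_SECRET))
```

A check like this fits in CI against rendered manifests, before anything reaches the cluster.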
| Feature | ConfigMaps | Secrets |
|---|---|---|
| Purpose | Non-sensitive configuration | Sensitive information |
| Encoding | Plain text | Base64 encoded |
| Usage | Environment variables or files | Environment variables or files |
| Access | kubectl get configmaps | kubectl get secrets |
By understanding and utilizing ConfigMaps and Secrets, you can manage your application configurations and sensitive data more effectively in Kubernetes.
- app-config with the following key-value pairs:
  - DATABASE_URL: postgres://user:password@localhost:5432/mydb
  - CACHE_SIZE: 512
- app-config ConfigMap as environment variables for a container.
- db-secret with the key DB_PASSWORD and the value supersecretpassword. Then, create a Pod that uses this Secret as an environment variable.