ConfigMaps & Secret — Kubernetes
ConfigMaps and Secrets are used to store configuration data and secrets, respectively. ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive data in an encrypted form.
- Create a ConfigMap for your Deployment
- Create a ConfigMap for your Deployment using a file or the command line
apiVersion: v1
kind: ConfigMap
metadata:
name: todo-app
data:
name: django-todo-app
application: todo-app
protocol: TCP
Apply the changes using
kubectl apply -f configMap.yml
Update the deployment.yml file to include the ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
name: config-todo-app
labels:
app: todo
namespace: todo-app
spec:
replicas: 2
selector:
matchLabels:
app: todo
template:
metadata:
labels:
app: todo
spec:
containers:
- name: todo
image: trainwithshubham/django-todo:latest
ports:
- containerPort: 8000
env:
- name: TODO_APP
valueFrom:
configMapKeyRef:
name: todo-app
key: application
Apply the updated deployment using the command:
First create a namespace after deploy the file
kubectl create namespace todo-app
kubectl apply -f deployment.yml <namespace-name>
Verify that the ConfigMap has been created by checking the status of the ConfigMaps in your Namespace.
The given command displays list of all ConfigMaps in your namespace
kubectl get configmaps -n todo-app
kubectl get pod -n todo-app
CreateContainerConfigError is an error that occurs when a Kubernetes container is transitioning from a pending state to a running state. It indicates the YAML configuration specified for a container in a pod is incorrect.
kubectl describe pod -n todo-app config-todo-app-84f646fbbc-fgh8l
A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key.
- Create a Secret for your Deployment.
- Create a Secret for your Deployment using a file or the command line.
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
username: YWRtaW4= # base64 encoded value for "admin"
password: cGFzc3dvcmQyOTA2 # base64 encoded value for "password123"
In this example, we’re creating a Secret called my-secret with two keys: username and password. The values for these keys are base64-encoded, so that the encoded sensitive information can be stored as plain text in a file.
Apply the updated secret.yml file using the command
kubectl apply -f secret.yml -n <namespace-name>
Update the deployment.yaml file to include the Secret
apiVersion: apps/v1
kind: Deployment
metadata:
name: config-demo
labels:
app: todo
namespace: todo-app
spec:
replicas: 2
selector:
matchLabels:
app: todo
template:
metadata:
labels:
app: todo
spec:
containers:
- name: todo
image: trainwithshubham/django-todo:latest
ports:
- containerPort: 8000
env:
- name: env_secret
valueFrom:
secretKeyRef:
name: my-secret
key: password
Apply the updated deployment using the command
kubectl apply -f deployment.yml -n <namespace-name>
Verify that the Secret has been created by checking the status of the Secrets in your Namespace.
You can use the following command to verify that the Secret has been created
kubectl get secrets -n <namespace-name>
To view the details of a specific Secret
kubectl describe secret <secret-name> -n <namespace-name>
To see the key-value pairs of an environment variable in a ConfigMap inside a pod
kubectl get pod -n <namespace-name>
kubectl exec -it <pod-name> -n <namespace-name> -- bash
Thanks for reading