Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications. It is a core component of many cloud-native architectures and is an essential tool for modern application development and deployment. Kubernetes provides a secure and reliable platform for running containerized applications and services. In addition to its container orchestration capabilities, Kubernetes provides a variety of other features such as service discovery, configuration management, and monitoring.
One of the most commonly used tools in Kubernetes is the ConfigMap, which is used to store configurations for various applications and services that are deployed in a Kubernetes cluster. The ConfigMap allows Kubernetes users to store and manage application configurations as key-value pairs. It also supports mounting configuration files, environment variables, and other data.
In addition to the ConfigMap, Kubernetes provides a secret management system that enables users to store sensitive data such as passwords and API keys in a secure way. Secrets are stored in an encrypted form and can be referenced from within Kubernetes pods.
In this lab, we will explore the usage of ConfigMap and Secret in Kubernetes, with a focus on how to create and use them in a Kubernetes cluster. We will also demonstrate how to mount a ConfigMap as a file and how to reference a Secret from within a pod.
Creating a ConfigMap
The first step in using ConfigMap in Kubernetes is to create the ConfigMap itself. To do this, we need to create a configuration file that contains the key-value pairs that we want to store in the ConfigMap. The configuration file should be in YAML format and should have the following structure:
apiVersion: v1
kind: Pod
metadata:
name: myvolconfig
spec:
containers:
- name: c1
image: centos
command: ["/bin/bash", "-c", "while true; do echo Shishir Tambe; sleep 5 ; done"]
volumeMounts:
- name: testconfigmap
mountPath: "/tmp/config" # the config files will be mounted as ReadOnly by default here
volumes:
- name: testconfigmap
configMap:
name: mymap # this should match the config map name created in the first step
items:
- key: sample.conf
path: sample.conf
Once we have created the configuration file, we can create the ConfigMap by running the following command:
$ kubectl create -f my-configmap.yaml
This will create a ConfigMap named my-configmap with the two key-value pairs we specified in the configuration file.
Mounting a ConfigMap as a File
Once we have created the ConfigMap, we can mount it as a file inside a pod. To do this, we need to add a volume to the pod's spec and mount the ConfigMap as a file. The following example shows how to mount the my-configmap ConfigMap as a file named my-config in the pod's /etc/config directory:
apiVersion: v1
kind: Pod
metadata:
name: myenvconfig
spec:
containers:
- name: c1
image: centos
command: ["/bin/bash", "-c", "while true; do echo Shishir Tambe; sleep 5 ; done"]
env:
- name: MYENV # env name in which value of the key is stored
valueFrom:
configMapKeyRef:
name: mymap # name of the config created
key: sample.conf
This will mount the my-configmap ConfigMap as a file named my-config in the /etc/config directory inside the pod's filesystem. The ConfigMap can then be accessed from within the pod using the file path /etc/config/my-config.
Using a Secret from Within a Pod
In addition to the ConfigMap, Kubernetes provides a secret management system that enables users to store sensitive data such as passwords and API keys in a secure way. Secrets are stored in an encrypted form and can be referenced from within Kubernetes pods.
To use a Secret from within a pod, we need to create the Secret first. We can create a Secret by running the following command:
$ kubectl create secret generic my-secret --from-literal=my-password=my-password-value
This will create a Secret named my-secret with a single key-value pair, where the key is my-password and the value is my-password-value.
Once the Secret has been created, we can reference it from within a pod by adding it to the pod's spec. The following example shows how to reference the my-secret Secret from within a pod:
apiVersion: v1
kind: Pod
metadata:
name: myvolsecret
spec:
containers:
- name: c1
image: centos
command: ["/bin/bash", "-c", "while true; do echo Shishir Tambe; sleep 5 ; done"]
volumeMounts:
- name: testsecret
mountPath: "/tmp/mysecrets" # the secret files will be mounted as ReadOnly by default here
volumes:
- name: testsecret
secret:
secretName: mysecret
This will add an environment variable named MY_PASSWORD to the pod, with the value being taken from the my-password key in the my-secret Secret. The environment variable can then be accessed from within the pod using the name MY_PASSWORD.
Conclusion:
In this lab, we have explored the usage of ConfigMap and Secret in Kubernetes. We have seen how to create a ConfigMap and how to mount it as a file inside a pod. We have also seen how to create a Secret and how to reference it from within a pod. This knowledge can be used to manage configurations and sensitive data in a secure and effective way in Kubernetes clusters.