Understanding ConfigMaps and Secrets in Kubernetes: How to Use and Reference Them Inside a Pod
Config maps and secrets in Kubernetes
- Understanding what is a config map in Kubernetes
- Explaining the difference between config map and secret
- Live demo on creating config maps and secrets and using them in pods or deployments
Using environment variables or specific files to store and retrieve database information in Kubernetes.
- Hardcoding database details in the application can lead to issues if the information changes.
- A general practice is to save the database information as environment variables or specific files and retrieve it using OS modules.
ConfigMaps store general data while Secrets store sensitive data in Kubernetes.
- ConfigMaps are used to store information that can be accessed by applications later on.
- Secrets in Kubernetes handle sensitive data and prevent it from being compromised.
Kubernetes encrypts sensitive data in secrets, making it unreadable even if accessed.
- Kubernetes uses encryption to protect data stored in secrets.
- Hacker cannot read encrypted data without the decryption key.
ConfigMaps and Secrets are used to store and pass information in Kubernetes, but Secrets are for sensitive information while ConfigMaps are for non-sensitive information.
- Secrets encrypts data at rest and allows for strong access controls.
- ConfigMaps do not encrypt data and have less restrictive access controls.
Config maps are used to store configuration data in Kubernetes.
- To create a config map, provide the API version, kind as config map, name, and data in a YAML file.
- You can save any number of data fields in a config map and use them as environment variables in Kubernetes Pods.
Configure environment variable using config map in Kubernetes
- Create a config map with the desired value for the environment variable
- Reference the config map in the deployment.yaml file to retrieve the value and overwrite the existing parts inside the pods
ConfigMap and Secrets can be used to store and access environment variables in Kubernetes pods
- Ensure proper naming and syntax when referencing ConfigMaps
- Verify the creation and running status of pods after applying the changes
Using volume mounts in Kubernetes as an alternative approach to updating environment variables.
- The environment variables inside containers cannot be directly updated.
- Instead, volume mounts can be used to store config map information in files and read from them.
Creating a volume that reads information from config map
- The volume is used for DB connection
- Mounting the volume inside the Kubernetes Pod
The config map allows you to change the DB port number inside the pod without restarting it.
- The DB port number can be updated in the config map without pod restart.
- Executing 'cat /opt/DBport' inside the pod verifies that the port number has changed as expected.
ConfigMaps and Secrets in Kubernetes
- The behavior of ConfigMaps and Secrets is the same.
- You can create Secrets using 'kubectl create secret generic' command or use a YAML file.
Practice creating a new secret for DB password
- Replace the config map key reference with secret key reference in the deployment.yaml file
- Refer to the Kubernetes documentation for using secrets as environment variables
Launch your Graphy