ConfigMap

Kubernetes Secrets store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.

Create and Use Secrets

  • Generate the base64 encoding

      echo -n 'my-app' | base64
      
      echo -n 'secretpass' | base64
      
  • Define the Secret in the manifest file ofl-secret.yml

    ofl-secret.yml
    apiVersion: v1
    kind: Secret
    metadata: 
      name: ofl-mariadb-root-password
    type: Opaque
    data:
      password: S3ViZXJuZXRlc1JvY2tzIQ==
    
  • Types of Secret

    Built-in Type                          Usage
    Opaque                                 arbitrary user-defined data
    kubernetes.io/service-account-token    ServiceAccount token
    kubernetes.io/dockercfg                serialized ~/.dockercfg file
    kubernetes.io/dockerconfigjson         serialized ~/.docker/config.json file
    kubernetes.io/basic-auth               credentials for basic authentication
    kubernetes.io/ssh-auth                 credentials for SSH authentication
    kubernetes.io/tls                      data for a TLS client or server
    bootstrap.kubernetes.io/token          bootstrap token data

  • Create the Secret from the manifest file ofl-secret.yml with the command below

    kubectl apply -f ofl-secret.yml
    

  • Verify that the ofl-mariadb-root-password Secret exists

    kubectl get secret
    
  • Describe the ofl-mariadb-root-password Secret

    kubectl describe secret ofl-mariadb-root-password
    
  • The Secret can be edited by executing the command below.

    kubectl edit secret ofl-mariadb-root-password
    

Read and Decode secret values

  • Read secret values

    kubectl get secret ofl-mariadb-root-password -o jsonpath='{.data.password}'
    
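  • Decode the secret value. Base64 is an encoding, not encryption, so anyone who can read the Secret object can recover the plaintext this way.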

    kubectl get secret ofl-mariadb-root-password -o jsonpath='{.data.password}' | base64 --decode
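
The same decode round trip can be run on a manifest before `kubectl apply`, to catch values that were encoded with a trailing newline (plain `echo` instead of the `echo -n` used above) or never encoded at all. This is an added example, not part of the original page; the manifest name `lint-demo`, the sample values, and the function names are constructed for illustration, and GNU `base64` is assumed.

```shell
# Added example: lint a Secret manifest's data: values before `kubectl apply`.
# Constructed sample: good = `echo -n`, newline = plain `echo`, plaintext = unencoded.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: lint-demo
type: Opaque
data:
  good: c2VjcmV0cGFzcw==
  newline: c2VjcmV0cGFzcwo=
  plaintext: secretpass!
EOF
}

# Print "key value" for every entry under the top-level data: key (stdin).
secret_data_pairs() {
  awk '
    /^data:[ \t]*$/ { in_data = 1; next }
    /^[^ \t]/       { in_data = 0 }
    in_data && /^[ \t]+[^# \t]/ { sub(/:$/, "", $1); print $1, $2 }
  '
}

# Classify one value as: ok | not-base64 | trailing-newline
classify_value() {
  printf '%s' "$1" | base64 --decode >/dev/null 2>&1 || { echo not-base64; return 0; }
  # Inspect the decoded bytes as hex, because $(...) would strip a final newline.
  cv_hex=$(printf '%s' "$1" | base64 --decode | od -An -v -tx1 | tr -d ' \n')
  case "$cv_hex" in
    *0a) echo trailing-newline ;;
    *)   echo ok ;;
  esac
}

# Lint a manifest on stdin: one "key: verdict" line per entry, non-zero on any failure.
lint_secret() {
  secret_data_pairs | {
    rc=0
    while read -r key value; do
      verdict=$(classify_value "$value")
      printf '%s: %s\n' "$key" "$verdict"
      [ "$verdict" = ok ] || rc=1
    done
    [ "$rc" -eq 0 ]
  }
}
sample_manifest | lint_secret || echo "fix the flagged values before applying"
```

The `awk` parser only handles the flat `data:` layout shown on this page; multi-document or flow-style YAML needs a real YAML parser.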
    

ConfigMap

A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume. A ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.

  • Create a ConfigMap named mariadb-config by executing the command below.

    kubectl create configmap mariadb-config --from-file=max_allowed_packet.cnf
    

  • Verify the ConfigMap

    kubectl get configmap mariadb-config
    
  • Describe the ConfigMap

    kubectl describe cm mariadb-config
    
  • Edit the ConfigMap

    kubectl edit configmap mariadb-config
    

Using Secrets and ConfigMaps

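Secrets and ConfigMaps can be exposed to a container as environment variables or mounted as files. For the MariaDB container, you will need to expose the Secrets as environment variables and mount the ConfigMap as a file.

First, though, you need to write a Deployment for MariaDB so that you have something to work with. Note that the manifest below also pulls in a Secret named mariadb-user-creds through envFrom; that Secret is not created on this page and must exist in the same namespace before the Pods can start.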

ofl-secret.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ofl-mariadb-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
      - name: mariadb
        image: mariadb:10.4

        env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: ofl-mariadb-root-password
                key: password

        envFrom:
        - secretRef:
            name: mariadb-user-creds

        volumeMounts:
        - name: mariadb-config-volume
          mountPath: /etc/mysql/conf.d


      volumes:
      - name: mariadb-config-volume
        configMap:
          name: mariadb-config
          items:
            - key: max_allowed_packet.cnf
              path: max_allowed_packet.cnf