DevOps
  • Welcome to Guvi Docs!
  • Docs
    • Module 1 - Linux Introduction
      • Introduction to Linux
      • Architecture
      • Shell Basics
      • Basic Commands
        • More Commands
      • Filters
      • Redirections
      • Vagrant
      • Users
      • Groups
      • File Permissions
      • Cron Jobs
      • Process
      • Archive
      • Ubuntu Based Commands
    • Linux Cheat Sheet
      • Files & Directory Management
      • File Viewing & Editing
      • Package Management
      • System Information
      • File Permission
      • Network
      • Process Management
      • User Management
      • Text Processing
      • File Archiving & Compression
      • Disk Management
      • System
      • Miscellaneous
    • Module 2 - Network Basics
      • Introduction to Network
      • Network Components
      • OSI Models (7 Layers)
      • TCP/UDP & Ports
      • Networks based on Geography
      • Network Devices - Router and Switches
      • Network and IP
      • Public and Private IP
      • Network Commands
    • Module 3 - Bash Scripting
      • Introduction to Bash Scripting
      • Bash Structure
      • Variables
      • Operators
      • Command Line Arguments
      • Decision Making
      • Loops
      • Functions
    • Module 4 - AWS
      • Introduction to Cloud Computing
      • Introduction to AWS
      • EC2
      • IAM
      • S3
      • EFS
      • EBS
      • VPC
      • DynamoDB
      • ELB
      • Auto Scaling
      • CloudWatch
      • SNS & SQS
      • Elastic Beanstalk
      • RDS
      • Route53
      • CloudFront
      • CodeCommit
      • CodeBuild
      • CodePipeline
      • CodeDeploy
      • Serverless-Lambda
    • Module 5 - VCS
      • Introduction to Git and Github
      • Version Control System
      • Concepts of VCS
      • Git Commands
        • Configuration
        • Project Creation
        • Basic Workflow
        • Branching
        • Remote
        • Data Stream
        • Reversing
        • Logging
    • Module 6- Build Tools
      • Artifact
      • Package Management
      • Build Tools
    • Module 7 - Docker
      • Introduction to Docker
      • Docker Architecture
      • Dockerfile
      • Docker Volumes
      • Docker Networks
      • Docker Registry
      • Docker Commands
        • Install
        • Management
        • Dockerhub
        • Image
        • Container
        • Volumes
        • Network
      • Docker-compose
      • Docker-compose File
      • Docker-compose commands
    • Module 8 - Microservices
    • Module 9 - Kubernetes
      • Introduction to K8s
      • K8s Components
      • Minikube
      • K8s Objects
      • KubeConfig
      • Namespaces
      • Pods
      • Deployments
      • Services
      • PV & PVC
      • ConfigMap & Secrets
      • Ingress
      • Helm
      • Commands
        • Files Configuration
        • Cluster Management
        • Deployments
        • Pods
        • Services
        • Nodes
        • Namespaces
        • Logs
        • Events
        • Storage
        • ConfigMap & Secrets
        • DaemonSet, ReplicaSet, StatefulSet
        • Service Accounts
    • Module 10 - SDLC
      • Introduction to SDLC
      • Types of SDLC
      • Agile
      • Scrum
      • Introduction to DevOps
      • CI-CD
    • Module 11 - Jenkins
      • Introduction to Jenkins
      • Jobs
      • Management
      • Users & Roles
      • Pipeline
    • Module 12 - IAC
      • Introduction
      • HCL Basics
      • Terraform States
      • Modules
      • Secrets
      • Vaults
      • Simple Resource Creation
      • Terraform Commands
  • Module 13 - Ansible
    • Introduction to Ansible
    • Inventory
    • Playbook
    • Roles
    • Variables
    • Condition, Loops and handlers
    • Commands
      • SSH Key
      • Install
      • Adhoc-Commands
      • File Transfer
      • Package and Services
      • Connectivity
      • Playbook
  • Module 14 - CloudFormation
  • Module 15 - Monitoring
    • Prometheus
      • Introduction to Prometheus
      • Concepts
      • Setup
    • Grafana
      • Introduction to Grafana
      • Setup
Powered by GitBook
On this page
  • Secret
  • What are the differences between ConfigMaps and Secrets?
  • Working with ConfigMaps
  • Managing Secrets
  • Sample Deployment File with CM and Secrets
  1. Docs
  2. Module 9 - Kubernetes

ConfigMap & Secrets

The Kubernetes ConfigMap is a Kubernetes API resource that lets you store non-confidential configuration data for your applications. It allows you to decouple configuration from your application code, allowing you to change configuration settings without having to edit and relaunch your program.

ConfigMaps stores data in a key-value format, making it an excellent choice for environmental setups, endpoint URLs, and various application configuration parameters.

When a ConfigMap is utilized, files mounted directly into the container or environment variables can be used by the program to access the stored configurations.

Secret

A Kubernetes Secret is an object that stores and manages sensitive information like passwords, API keys, tokens, or any other secret data. Secrets, like ConfigMaps, enable you to segregate sensitive information from your application code.

Conversely, secrets are built explicitly for storing secret data and offer additional security safeguards.

Similar to ConfigMaps, secrets are key-value pairs with base64 encoding added for an extra degree of protection.

Applications retrieve sensitive data through file mounts or environment variables when accessing Secrets, just like they do with ConfigMaps.

What are the differences between ConfigMaps and Secrets?

  1. ConfigMaps are typically used for non-sensitive configuration data, while Secrets are used for storing sensitive information.

  2. ConfigMaps stores data as key-value pairs, whereas Secrets stores data as base64-encoded data, thereby ensuring an additional layer of security.

  3. ConfigMaps are typically used to store configuration data, such as environment variables, while Secrets store sensitive data, such as passwords and API key.

Working with ConfigMaps

  1. Create ConfigMap

```
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
data:
  key1: value1
  key2: value2
```

  1. Using environment variables with ConfigMaps

```
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: KEY1
          valueFrom:
            configMapKeyRef:
              name: my-configmap
              key: key1
        - name: KEY2
          valueFrom:
            configMapKeyRef:
              name: my-configmap
              key: key2
```

  1. Mounting ConfigMaps as volumes

```
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes:
    - name: config-volume
      configMap:
        name: my-configmap
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        - name: config-volume
          mountPath: /etc/config
```

Managing Secrets

  1. Create Secret

```
apiVersion: apps/v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: xxxxxx
  password: xxxxxxxx
```

  1. Using Secrets as environment variables

```
apiVersion: apps/v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: password
```

  1. Mounting Secrets as volumes

```
apiVersion: apps/v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes:
    - name: secret-volume
      secret:
        secretName: my-secret
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        - name: secret-volume
          mountPath: /etc/secret
          readOnly: true
```

Sample Deployment File with CM and Secrets

```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-container
          image: my-image
          env:
            - name: CONFIG_VALUE
              valueFrom:
                configMapKeyRef:
                  name: my-configmap
                  key: key1
            - name: SECRET_VALUE
              valueFrom:
                secretKeyRef:
                  name: my-secret
                  key: username
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
            - name: secret-volume
              mountPath: /etc/secret
      volumes:
        - name: config-volume
          configMap:
            name: my-configmap
        - name: secret-volume
          secret:
            secretName: my-secret
```
PreviousPV & PVCNextIngress

Last updated 10 months ago