[Kubernetes] Managing Application with Kubernetes - ConfigMaps and Secrets

Identify important ConfigMap characteristics:

1. Helps developers avoid hard-coding configuration variables into the application code.
2. Is an API object used to store non-confidential data in key-value pairs.
3. Does not provide secrecy or encryption; meant for non-sensitive information.
4. Provides configuration data to pods and deployments, decoupling environment from deployments.
5. Limited to 1 MB of data; larger amounts require mounting a volume or using a separate service.
6. Has optional data and binaryData fields; no "spec" field in the template.
7. Name must be a valid DNS subdomain name.

Describe ConfigMap capabilities: ConfigMap capabilities include:

1. Configuring environment variables for pods and deployments.
2. Providing configuration data to applications without hard-coding it into the application code.
3. Decoupling configuration settings from the application logic, enhancing flexibility and maintainability.

Consume a ConfigMap in a deployment or pod in two primary ways:

1. Environment Variables:

   • Define environment variables in the pod or deployment configuration referencing the key-value pairs from the ConfigMap.
   • Kubernetes automatically injects these environment variables into the pod's container.
   • Use the env field in the pod or deployment YAML file with the configMapKeyRef attribute to specify the ConfigMap and the key whose value should be used as the environment variable.

 

...
env:
  - name: MY_CONFIG_KEY
    valueFrom:
      configMapKeyRef:
        name: my-configmap
        key: config-key
...

　　2. Volume Mounts:

• • Mount the ConfigMap as a volume inside the pod.
  • Kubernetes creates files for each key-value pair in the ConfigMap inside the mounted volume.
  • The application running in the pod can then access these files to read the configuration data.
  • Use the volumes and volumeMounts fields in the pod or deployment YAML file to define the volume and mount paths.

...
volumes:
  - name: config-volume
    configMap:
      name: my-configmap
...
containers:
  - name: my-container
    volumeMounts:
      - name: config-volume
        mountPath: /etc/config
...

 

Example:

 

Describe three ways to create a ConfigMap:

1. Configure ConfigMap using a string literal:

   • Directly specify key-value pairs in the command line or script to create a ConfigMap.

   • kubectl create ConfigMap my-config --from-literal=MESSAGE="hello from first configmap"

2. Configuration: ConfigMap properties file:

   • Create a ConfigMap from an existing properties file containing key-value pairs.

   • > cat my.properties
      MESSAGE=hello from the my.properties file
     
     > kuberctl create cm my-cofig --from-file=my.properties
     ConfigMap/my-config created
     
     > kubectl describe ConfigMap my-config

      

3. Configuration: ConfigMap YAML:

   • Create a ConfigMap using a YAML descriptor file that defines the key-value pairs for the ConfigMap.

Describe three ways to create a Secret:

1. Secret: Use with string literals:

   • Directly create a secret by specifying sensitive information (like passwords) in the command line or script.

   • kubectl create secret generic my-secret --from-literal=my-key=my-value

      

2. Use with environment variables:

   • Create a secret using environment variables, which are then injected into pods or deployments securely.

3. Use with volume mounts:

   • Store sensitive data in a secret and mount it as a file into pods using volume mounts, allowing applications to access the secret data securely.