Kiran Pawar's Blog
12. Kubernetes ConfigMaps and Secrets: Simplifying Configuration Management

12. Kubernetes ConfigMaps and Secrets: Simplifying Configuration Management

Kiran Pawar's photo
Kiran Pawar
·

4 min read

Table of contents

As you delve deeper into Kubernetes, you’ll encounter scenarios where separating configuration data from application logic becomes critical. Kubernetes offers two powerful resources for this purpose: ConfigMaps and Secrets. In this blog, we’ll explore their significance, how to create and use them, and demonstrate their application with a MySQL StatefulSet setup.

What Are ConfigMaps?

ConfigMaps store non-sensitive configuration data as key-value pairs. They enable dynamic configuration management without the need to modify application code.

Why Use ConfigMaps?

  • Centralized configuration management.

  • Easy updates without redeploying applications.

  • Decoupling environment-specific data from application logic.

What Are Secrets?

Secrets store sensitive information, such as passwords, tokens, or keys, in a secure and encoded format. Unlike ConfigMaps, Secrets are designed to keep data secure and prevent accidental exposure.

Why Use Secrets?

  • Securely store sensitive information.

  • Prevent plaintext credentials from being exposed.

  • Integrated with Kubernetes RBAC for access control.

Setting Up ConfigMaps and Secrets with MySQL

In this example, we will:

  1. Create a Secret to store the MySQL root password.

  2. Create a ConfigMap to store the database name.

  3. Use these resources in a MySQL StatefulSet.

1. Creating the Secret

The following YAML defines a Secret to store the MySQL root password:

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: mysql
data:
  MYSQL_ROOT_PASSWORD: cm9vdAo=  # Base64 encoded for "root"

Apply the Secret:

kubectl apply -f mysql-secret.yml

Verifying the Setup

Check the Secret :

kubectl get secret -n mysql

2. Creating the ConfigMap

The ConfigMap below defines the database name:

apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-map
  namespace: mysql
data:
  MYSQL_DATABASE: devops

Apply the ConfigMap:

kubectl apply -f mysql-config-map.yml

Verifying the Setup

Check the ConfigMap:


kubectl get configmap -n mysql

3. Creating the MySQL StatefulSet

The StatefulSet configuration below uses the Secret and ConfigMap to set environment variables for the MySQL container:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql-statefulset
  namespace: mysql
spec:
  serviceName: "mysql-service"
  replicas: 3
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: MYSQL_ROOT_PASSWORD
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: mysql-config-map
              key: MYSQL_DATABASE
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql
  volumeClaimTemplates:
  - metadata:
      name: mysql-data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 1Gi

Apply the StatefulSet:

kubectl apply -f mysql-statefulset.yml

Verify the Pods:

kubectl get pods -n mysql

Access a Pod to Verify Environment Variables:

kubectl exec -it <mysql-pod-name> -n mysql -- env

You should see the environment variables MYSQL_ROOT_PASSWORD and MYSQL_DATABASE populated from the Secret and ConfigMap.

4.Access the MySQL Pod

Next, we’ll access the first MySQL pod using kubectl exec to interact with it. Use the following command to enter the pod:

Copy

kubectl exec -it mysql-statefulset-0 -n mysql -- bash

This will drop you into a bash shell inside the MySQL pod.

5.Connect to MySQL

Once inside the pod, you can connect to MySQL by running:

Copy

mysql -u root -p

You’ll be prompted to enter the MySQL root password. Enter the password you’ve configured (in our case, root).

6.List Databases

Now that you are inside the MySQL shell, let’s list the available databases by running the command:

Copy

show databases;

This will return a list of the databases:

Benefits of Using ConfigMaps and Secrets

  1. Dynamic Updates: Update configurations without redeploying the application.

  2. Security: Secrets ensure sensitive data is stored securely.

  3. Separation of Concerns: Simplifies application code by offloading configuration management to Kubernetes.

  4. Scalability: Centralized configuration simplifies scaling applications across environments.

Key Takeaways

  • Use ConfigMaps for non-sensitive configuration data.

  • Use Secrets to securely store sensitive information.

  • Combine ConfigMaps and Secrets in StatefulSets to manage dynamic configurations.

With ConfigMaps and Secrets, Kubernetes empowers you to build secure, flexible, and scalable applications effortlessly. Happy Learning!