Skip to content

Latest commit

 

History

History
82 lines (61 loc) · 2.52 KB

kubernetes-config-map-secret.md

File metadata and controls

82 lines (61 loc) · 2.52 KB
Raw

Environment variables, ConfigMaps & Secrets

⬅️ Back to Kubernetes overview

Environment variables, ConfigMaps & Secrets

Inspect and apply the template "hello-kubernetes" example under kubernetes/hello-kubernetes/resources.yaml

kubectl apply -f kubernetes/hello-kubernetes/resources.yaml

Check the deployed app under http://localhost:31313

📝 How does the page know about the Pod name etc?

Let's externalize the message into an external configuration using a ConfigMap

kubectl create configmap hello-message --from-literal="message=👋 Hello from the ConfigMap"
kubectl get configmap
kubectl get configmap hello-message -o yaml

📝 This ConfigMap is now created imperatively. How could we make it declarative and manage it with the other resources?

Replace the environment variable definition with a lookup to the ConfigMap

          - name: MESSAGE
            valueFrom:
              configMapKeyRef:
                name: hello-message
                key: message

Apply the resources again

kubectl apply -f kubernetes/hello-kubernetes/resources.yaml

Let's check the result under http://localhost:31313

📝 Did the pods restart to show this change? Why (not)?

Let's update the value in the ConfigMap (Can also be done decoratively if part of the resource)

kubectl edit configmap hello-message

Let's check the result under http://localhost:31313

📝 Can you explain the result?

The environment inside the container can also be checked. Note: the Pod name will certainly be different

kubectl exec -it hello-kubernetes-59bb8ffc5f-gvlbq -- env
kubectl exec -it hello-kubernetes-59bb8ffc5f-gvlbq -- env | grep MESSAGE

📝 What can we do?

If we want to "protect" the values of externalized configuration, we can use Secrets

kubectl create secret generic secret-message --from-literal="message=🤫 ... this is a secret message"
kubectl get secret
kubectl get secret secret-message -o yaml

Looks safe, doesn't it?

Let's use it instead of the ConfigMap

          - name: MESSAGE
            valueFrom:
              secretKeyRef:
                name: secret-message
                key: message

Let's check the result under http://localhost:31313

💡 In the Helm module, there is a way described on how to read contents of a secret

📝 Can you put a whole file into a ConfigMap or Secret? 📝 Can you mount a ConfigMap or Secret to the file system rather than environment variables?