Kubernetes: ConfigMaps and Secrets

Kubernetes solved the problem of externalizing configurations with ConfigMaps (for non-sensitive information) and Secrets (for sensitive information).  This blog is about creating Kubernetes ConfigMaps and Secrets for your microservices. I am going to be using my express sample application from https://github.com/vidhyachari/kubernetes-config.git. Also I am using my single node Kubernetes cluster on Minikube and PowerShell for all my commands. Let’s get started !

ConfigMaps

An application’s configuration changes between environments namely development, test, production and so on. You want your application to be portable between environments. This requires storing the configurations outside of the application. Kubernetes ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. ConfigMaps can be used to store database connection string information such as database name, port number, server information and AMQ broker names, AMQ queue/topic names etc.

Add the below code to the application’s server.js file:

pic1

Add the below code to the deployment config file.

pic2

Build docker image for your hello-express application with the below command:

docker build -t hello-express:latest .

Run command “docker images“. You should see the hello-express image as below:

pic3

I am going to define the port (8081) for my application via the configmap. Also I am defining a dummy string called stringval with some value. Now create the express-configmap.yaml as below:

pic7

Create the configmap with the below command:

kubectl create -f ./kubernetes-configurations/express-configmap.yaml

pic8

Create the deployment and service for the application as below:

kubectl create -f ./kubernetes-templates-yaml/deployment.yaml

kubectl create -f ./kubernetes-templates-yaml/service.yaml

List all the running pods using command “kubectl get pods” as shown below:

pic4

The below command will show the logs for the running hello-express pod:

kubectl logs hello-express-1111023652-ksns7

pic6

The port number the application is listening on was picked up from the configMap. You also see the string “ConfigMap Test” beeing printed in the logs that was defined in the configMap.

Display the contents of the configmap with the below command:

kubectl describe configmap express-configmap

pic9

Run command “minikube service hello-express“. This opens up the browser with your exposed service URL. Navigate to  http://192.168.1.5:31844/view/index.html.

pic10

Secrets

Secrets are used for storing sensitive information like passwords, keys, tokens etc. Kubernetes creates and uses some secrets automatically (e.g. for accessing the API from a pod), but you can also create your own secret very easily. Secrets are obfuscated with a Base64 encoding.

Add the below code to server.js file to print the API_TOKEN value:

pic11

Note:  I am printing the secret on the console. This is just for demonstration purpose.

Add the below code to express-secrets.yaml file:

pic12

Create the secret with below command:

kubectl create -f ./kubernetes-configurations/express-secrets.yaml

pic13

Display the contents of the secret:

kubectl describe secret express-secrets

pic14

Run  “kubectl get pods” to list all the running pods.

pic15

Run the below command to see the logs for hello-express pod:

kubectl logs hello-express-1513590506-kfzr4

pic16

The value of the secret is picked up from the secret yaml file and printed on the console.

That’s all it takes to externalize your configurations !

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s