ConfigMaps & Secrets Persistent Volumes (PV) & Persistent Volume Claim (PVC)

ConfigMaps :-

A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume. It allows you to decouple environment-specific configuration from your containerized application, making your application more portable. ConfigMap does not provide secrecy or encryption. If the data you want to store are confidential, use a Secret rather than a ConfigMap.

Secrets :-

Secrets, as the name suggests,A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Use Cases for Secrets: Storing database credentials, API tokens, SSL certificates.

Kubernetes objects are entities in a Kubernetes cluster that represent the cluster’s state

deployment.yml file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
  namespace: mysql
  labels:
    app: mysql

spec:
  replicas: 2
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql
        ports:
        - containerPort: 3306

because we can’t created database so out mysql creash every time when it’s created.

Creating a ConfigMap:

You can create a ConfigMap using a YAML file or directly from the command line. Here’s an example using a YAML file:

Create configmap.yml file

apiVersion: v1
kind: ConfigMap 
metadata:  
  name: mysql-config
  namespace: mysql
  labels:
    app: mysql

data: 
  MYSQL_DATABASE: 'cooldb'

Apply it with:

kubectl apply -f configmap.yml -n config-secret

kubectl get configmaps -n config-secret //checking the status of the ConfigMaps

deployment.yml file after Create configmap.yml file (database)

1`spec:
  replicas: 2
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:

        - name: mysql
          image: mysql
          ports:
            - containerPort: 3306

          env:
          # Define the environment variable
            - name: MYSQL_DATABASE # Notice that the case is different here
                                     # from the key name in the ConfigMap.
              valueFrom:
                configMapKeyRef:
                  name: mysql-config  # The ConfigMap name,value comes from.
                  key: MYSQL_DATABASE  # The key to fetch.

This time it also give error because we don’t give pasword in mysql database.

Creating a Secret:

Before we create a secret, we need to create a base64 encoded string of the database password that we will use in our deployment.yml file.

I’m taking the following details as secret key. Following details as secret key:

  • Password : test123
echo -n 'test123' | base64

For verifying the secret key, we can use the following command:

echo -n 'dGVzdDEyMw==' | base64 --decode

secret.yml file

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: mysql
  labels:
    app: mysql

type: Opaque
data:

  MYSQL_PASSWORD: dGVzdDEyMw==

What is the Opaque type? : The opaque type is used to store sensitive data such as passwords, certificates, and tokens.

Apply the updated deployment using the command:

kubectl apply -f secret.yml -n config-secret
kubectl get secrets -n config-secret

deployment.yml file after Create secret.yml file (password)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
  namespace: mysql
  labels:
    app: mysql

spec:
  replicas: 2
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql
          ports:
            - containerPort: 3306
          env:
          # Define the environment variable
            - name: MYSQL_DATABASE # Notice that the case is different here
                                     # from the key name in the ConfigMap.
              valueFrom:
                configMapKeyRef:
                  name: mysql-config         # The ConfigMap this value comes from.
                  key: MYSQL_DATABASE  # The key to fetch.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: MYSQL_PASSWORD
kubectl apply -f deployment.yml -n config-secret
kubectl get pods -n config-secret

worker node :

here we can see inside the container a database created.


Persistent Volumes (PV)

Persistent Volumes are resources in Kubernetes that provide storage implementations, such as NFS, iSCSI, or cloud-specific storage systems like AWS EBS, GCE Persistent Disk, and Azure Disk. A PV has a lifecycle independent of any individual Pod that uses the PV. This means the data remains intact, even when no Pod is using it.

Persistent Volume Claim (PVC)?

A PVC is a request for storage by a user. It’s similar to a Pod: while Pods consume node resources, PVCs consume PV resources. Once a PVC is bound to a PV, it can be mounted to a Pod and utilized as a regular disk.

  1. Creating a Persistent Volume:

    Here’s a basic example of a PV that provides 1Gi of storage on a local node:

     apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: my-pv
        namespace: mysql
      spec:
        capacity:
          storage: 1Gi
        volumeMode: Filesystem
        accessModes:
          - ReadWriteOnce
        hostPath:
          path: "/home/ubuntu/volume"
    

    2. Creating a Persistent Volume Claim:

    A PVC will claim storage from the available PVs. Here’s an example:

     kind: PersistentVolumeClaim
     metadata:
       name: my-pv-claim 
       namespace: mysql
     spec:
       accessModes:
         - ReadWriteOnce
       resources:
         requests:
           storage: 500Mi
    

    Once the above PVC is created, Kubernetes will bind it to a suitable PV.

    Deployment.yml file

     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: mysql-deployment
       namespace: mysql
       labels:
         app: mysql
    
     spec:
       replicas: 2
       selector:
         matchLabels:
           app: mysql
       template:
         metadata:
           labels:
             app: mysql
         spec:
           containers:
    
             - name: mysql
               image: mysql
               ports:
                 - containerPort: 3306
    
               env:
               # Define the environment variable
                 - name: MYSQL_DATABASE # Notice that the case is different here
                                          # from the key name in the ConfigMap.
                   valueFrom:
                     configMapKeyRef:
                       name: mysql-config         # The ConfigMap this value comes from.
                       key: MYSQL_DATABASE  # The key to fetch.
                 - name: MYSQL_ROOT_PASSWORD
                   valueFrom:
                     secretKeyRef:
                       name: mysql-secret
                       key: MYSQL_PASSWORD
               volumeMounts:
                 - name: mysql-persistent-storage
                   mountPath: /var/lib/mysql           # container path
           volumes:
           - name: mysql-persistent-storage
             persistentVolumeClaim:
               claimName: mysql-pv-claim