Kubernetes Made Easy: Understanding Deployments, ConfigMaps, and Secrets

Kubernetes Made Easy: Understanding Deployments, ConfigMaps, and Secrets

Kubernetes makes managing containerized applications easier. In this blog, we'll walk you through deploying a sample application, configuring it using ConfigMaps, and securing sensitive data with Secrets. Let’s get started!


Step 1: Clone the Project and Build the Docker Image

Begin by cloning the project repository and building the Docker image:

docker build -t sample-note-app:v1 .


Step 2: Create the Deployment File

Here’s a basic deployment.yml file for deploying your app:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-note-app
  labels:
    app: sample-note-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sample-note-app
  template:
    metadata:
      labels:
        app: sample-note-app
    spec:
      containers:
      - name: note-app
        image: sample-note-app:v1
        ports:
        - containerPort: 8000

Step 3: Apply the Deployment File

Run the following command to deploy the application:

kubectl apply -f deployment.yml

Check if your deployment and pods are running:

kubectl get pods -o wide


Step 4: Configure a ConfigMap

Create a ConfigMap file (cm.yml) to store configuration data:

apiVersion: v1
kind: ConfigMap
metadata:
  name: test-cm
data:
  db-port: "3306"

Apply it:

kubectl apply -f cm.yml

Verify its creation:

kubectl get configmap test-cm
kubectl describe configmap test-cm


Step 5: Use ConfigMap in Deployment

Update your deployment.yml to use the ConfigMap as an environment variable:

 kubectl edit deployment sample-note-app

Notice how Kubernetes terminates old pods and creates new ones.

Check inside the pods to confirm the environment variable is set.


Problem: ConfigMap Changes Don’t Reflect in Running Pods

If the db-port value changes in the ConfigMap, it won’t update in running pods without restarting them. This can disrupt live traffic, which isn’t ideal in production.


Solution: Use VolumeMount

Instead of environment variables, use ConfigMap as a mounted file. Update your deployment.yml like this:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-note-app
  labels:
    app: sample-note-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sample-note-app
  template:
    metadata:
      labels:
        app: sample-note-app
    spec:
      containers:
      - name: note-app
        image: sample-note-app:v1
        volumeMounts:
          - name: db-connection
            mountPath: /opt
        ports:
        - containerPort: 8000
      volumes:
        - name: db-connection
          configMap:
            name: test-cm

Apply the changes and check inside the pods. You’ll see a file named db-port in /opt with the value 3306.

Now, if you update the ConfigMap, the file value updates automatically without restarting the pods.


Secrets: Secure Sensitive Data

To store sensitive data like passwords, use Secrets.

  1. Create a secret:
kubectl create secret generic test-secret --from-literal=db-port="3306"
  1. View the secret:
kubectl get secrets test-secret
kubectl describe secret test-secret

  1. Note: Kubernetes Secrets are only base64-encoded. For stronger encryption, use tools like HashiCorp Vault or Sealed Secrets.

To learn more, check out "How to Encrypt etcd for Secrets".


Final Thoughts

Kubernetes offers flexibility and power, but understanding its nuances, like using ConfigMaps effectively or securing sensitive data, is critical. By following this guide, you’ll be better prepared to handle real-world challenges.

Got feedback or questions? Drop them in the comments below! 👇

Happy coding! 🚀