
Day 19: Kubernetes ConfigMaps & Secrets 🛠️


Understanding how to manage configuration is critical for secure and flexible applications.

Key Takeaways:
1️⃣ ConfigMaps: The "settings file" for Kubernetes. Used to store non-sensitive data (like app URLs, environment names, or feature flags) as key-value pairs, decoupling them from your container image.
2️⃣ Secrets: The "digital safe" for Kubernetes. Used only for sensitive data (like database passwords, API keys, and TLS certificates). K8s stores this data Base64-encoded (an encoding, not encryption) and handles it securely.
3️⃣ Simple Analogy: A ConfigMap is a public restaurant menu 📜. A Secret is the PIN code to the restaurant's safe 🔒. You never write the PIN on the menu.
4️⃣ Hands-on Experiments:
✅ Created ConfigMaps and Secrets using both imperative (--from-literal) and declarative (.yaml) methods.
✅ Practiced Base64 encoding/decoding for secret data.
✅ Injected data into Pods as environment variables (envFrom, valueFrom) and as files (volumes).
5️⃣ Why this matters: This is a production-level best practice. It means no more hard-coding passwords in code or images. This makes applications more secure, portable, and easier to manage across different environments (dev, staging, prod).
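
The declarative workflow from the hands-on list, as an added example that is not code from the original post: a shell script that Base64-encodes a value and renders a ConfigMap, a Secret, and a Pod that consumes them through envFrom, valueFrom, and a read-only volume. The resource names, image, and password value are constructed for illustration; decoding needs no key, so protection of Secrets comes from RBAC and encryption at rest, not from Base64.

```shell
#!/usr/bin/env bash
# Added example: names (app-config, db-credentials, demo) and values are constructed.

# Encode without a trailing newline; a stray "\n" would become part of the secret.
b64enc() { printf '%s' "$1" | base64 | tr -d '\n'; }
# Decoding needs no key: Base64 is an encoding, not encryption.
b64dec() { printf '%s' "$1" | base64 -d; }

# Emit ConfigMap + Secret + Pod manifests; $1 is the plaintext password.
# Usage: render_manifests 'constructed-password' | kubectl apply -f -
render_manifests() {
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: staging
---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  DB_PASSWORD: $(b64enc "$1")
---
apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  containers:
  - name: app
    image: busybox:1.36
    command: ["sleep", "3600"]
    envFrom:
    - configMapRef: {name: app-config}   # every ConfigMap key becomes an env var
    env:
    - name: DB_PASSWORD                  # single key pulled from the Secret
      valueFrom:
        secretKeyRef: {name: db-credentials, key: DB_PASSWORD}
    volumeMounts:
    - {name: creds, mountPath: /etc/creds, readOnly: true}
  volumes:
  - name: creds                          # same Secret, mounted as files
    secret: {secretName: db-credentials, defaultMode: 0400}
EOF
}
```

Anyone who can read the Secret object can recover the value with `b64dec`, which is why the manifest file itself should not be committed with real credentials.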
