How to how to create a ConfigMap from a literal key-value pair and mount the configuration data into a Pod using a volume. and create a new secret and use it in a Pod through environment variables.
Last updated
Create a Namespace for the resources you'll create in this Lab Step and change your default kubectl context to use the Namespace.
Create a ConfigMap from two literal key-value pairs. The command creates one ConfigMap named app-config with two key-value pairs, DB_NAME=testdb and COLLECTION_NAME=messages.
Display the ConfigMap. This is also how you would declare an equivalent ConfigMap using a manifest file passed to kubectl create -f.
Create a Pod that mounts the ConfigMap using a volume. The volume uses the configMap key to create a volume using a ConfigMap.
List the /config directory, where the ConfigMap volume is mounted, in the container. The two ConfigMap keys are listed as files.
Get the contents of the DB_NAME file. The file content is the value of the corresponding ConfigMap key-value pair. The && echo is added simply to put the shell prompt onto a new line.
View more examples of creating ConfigMaps by entering
Create a Namespace for the resources you'll create in this lab step and change your default kubectl context to use the Namespace
Use kubectl to create a Secret named app-secret. The generic key-value pair Secret is assigned using the --from-literal option with an equal sign separating the key (password) from the value (123457). You can see kubectl create secret generic --help for other methods and examples for creating generic secrets.
Get the YAML output for the Secret you created. The data field holds all of the key-value pairs. In this case, there is only one. The key password appears as expected, but the value (MTIzNDU3) is far from "123457". That is because secret values are base-64 encoded.
Note: When you use kubectl create secret, the value is automatically encoded. If you use kubectl create -f, and specify a resource file, you need to encode the value yourself when setting the data: mapping. See the next instruction for how to achieve this. Alternatively, you can set a stringData: mapping instead which will perform the encoding for you. See kubectl explain secret for more details about the two options.
Confirm the secret value is base-64 encoded by decoding it. The base64 command can encode/decode strings. The --decode option must be specified to decode while the behavior with no options is to encode. The final echo is used to add a new line to the output so the shell prompt is on its own line.
Create a Pod that uses the Secret through an environment variable. When using a secret through an environment variable, you must include valueFrom.secretKeyRef to specify the source of the environment variable.
Print the value of the environment variable in the Pod's container. Notice that the value is base-64 decoded automatically, so there is no need to use base64 --decode inside the container.
