Score:-6

How to keep secrets as part of configmap in kubernetes?

ke flag

I have a config map which creates a config file to my application.

The structure is as below.

apiVersion: v1
kind: ConfigMap
metadata:
  name: database-configmap
data:
  config: |
   dbport=5432
   dcname=
   dbssl=false
   locktime=300
   domainuser=
   dattserverhost=localhost
   conntype=ON-PREM
   dbinstance=
   dattusessl=false
   dbpwd=VrjvBguQ
   iisport=80
   docountupgrade=false
   doreportupgrade=false
   dbname=dattdatabase
   dattuseiis=false
   dbtype=POSTGRESQL
   dbusername=postg
   dbserver=tgres.database.azure.com
   domainpwd=

Complete file will be dumped to a properties file so the application would use that.

Is there anyway to save some properties (like dbusername,dbpassword) in it as a kubernetes secret and when the deployment pods are created, these secrets and configmap will be merged to the properties file?

Please suggest.

Score:0
it flag

Short answer: don't.

Secrets and ConfigMaps are different objects. Secrets are obfuscated with a Base64 encoding and should be used for confidential data while ConfigMaps are used for non-confidential data.

You should make separate objects for confidential and non-confidential data and than use them in your Deployment. You can modify your Deployment to use both Secrets and ConfigMaps, for example:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: envtest
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: envtest
    spec:
      containers:
      - name: envtest
        image: gcr.io/<PROJECT_ID>/envtest
        ports:
        - containerPort: 3000
        env:
        - name: LANGUAGE
          valueFrom:
            configMapKeyRef:
              name: language
              key: LANGUAGE
        - name: API_KEY
          valueFrom:
            secretKeyRef:
              name: apikey
              key: API_KEY

There are also different ways of using both Secrets and ConfigMaps. For more details, see the sources below:

uday avatar
ke flag
the application configuration is saved to the properties file inside the container.Can we update the part of the configuration inside it with configmap and remaining part with secrets. We just need the username and password part of database to be set like that
Wytrzymały Wiktor avatar
it flag
Yes, this is a good approach.
uday avatar
ke flag
can you suggest how to do that, because i wasn't able to merge to a single file both secrets and configmap
Wytrzymały Wiktor avatar
it flag
Hello @uday. It would be better if you post a separate question for that. Show your configs, what you have tried and what would you like to achieve. That way it's more clear for the community and we don't mix multiple topics/tasks in one question.
uday avatar
ke flag
But that is the main topic of the question. to keep secrets as part of the configmap
Wytrzymały Wiktor avatar
it flag
Yes, and this topic was already covered as you shouldn't try to do it that way. That -1 for your question is not from me but it shows that you are asking for something that you should not do. The second issue is: how to configure a `deployment` to use both `secrets and `configmaps` and to get a good answer for that you should ask a separate question showing your configs and explaining the use case instead of mixing it all together here as this is not how SO and SF are supposed to work. Trust me and take my honest advice :)
uday avatar
ke flag
The above configmap sample only database password(dbpwd) part we will keep in secrets, everything is in configmap only. So, how to link this in the configmap final file
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.