Category: Infrastructure as Code and Configuration Management

Dynamic Configuration Management in Kubernetes with ConfigMaps and Secrets

Introduction

In Kubernetes, managing application configurations dynamically is essential for scalability, security, and zero-downtime deployments. Traditionally, configurations were hardcoded inside applications, requiring a restart to apply changes. However, Kubernetes ConfigMaps and Secrets allow us to separate configurations from application code, enabling real-time updates without affecting running pods.

In this guide, we will:
✅ Use ConfigMaps for non-sensitive configuration data.
✅ Use Secrets for storing sensitive credentials securely.
✅ Mount configurations as volumes for dynamic updates without pod restarts.

Step 1: Creating a ConfigMap

A ConfigMap stores application settings like environment variables, log levels, and external API URLs.

ConfigMap YAML (configmap.yaml)

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: "production"
  LOG_LEVEL: "info"
Click Here to Copy YAML

Apply the ConfigMap:

kubectl apply -f configmap.yaml

Step 2: Creating a Secret

A Secret securely stores sensitive data, such as database credentials and API keys.

Secret YAML (secret.yaml)

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_PASSWORD: Ym9zcw==
Click Here to Copy YAML

To encode a password in base64:

echo -n "boss" | base64

Apply the Secret:

kubectl apply -f secret.yaml

Step 3: Injecting ConfigMap and Secret into a Deployment

Now, let’s inject these values into a Kubernetes Deployment.

Deployment YAML (deployment.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: nginx:latest
        env:
        - name: APP_ENV
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: APP_ENV
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-secret
              key: DB_PASSWORD
Click Here to Copy YAML

Apply the Deployment:

kubectl apply -f deployment.yaml

Step 4: Enabling Automatic Updates for ConfigMaps

By default, ConfigMaps do not update dynamically inside a running pod when changed. To enable automatic updates, we can mount the ConfigMap as a volume.

Modify Deployment to Use ConfigMap as a Volume

spec:
  volumes:
    - name: config-volume
      configMap:
        name: app-config
  containers:
    - name: my-app
      image: nginx:latest
      volumeMounts:
        - name: config-volume
          mountPath: "/etc/config"
          readOnly: true
Click Here to Copy YAML

Apply the Updated Deployment:

kubectl apply -f deployment.yaml

Now, whenever the ConfigMap is updated, the mounted file inside the pod will automatically reflect the changes without requiring a pod restart.

Step 5: Verifying ConfigMap and Secret Usage

Check ConfigMap Values in a Running Pod

kubectl exec -it <pod-name> -- printenv | grep APP_ENV

Verify Secret Values (Base64 Encoded)

kubectl get secret app-secret -o yaml

Important: Kubernetes does not allow printing Secrets in plaintext for security reasons.

Conclusion

With ConfigMaps and Secrets, we have achieved:
✅ Separation of application and configuration for better maintainability.
✅ Dynamic configuration updates without pod restarts.
✅ Secure handling of sensitive data with Secrets.

This approach ensures zero downtime, scalable deployments, and strong security for your Kubernetes applications.

Have you implemented ConfigMaps and Secrets in your Kubernetes projects? Share your experiences in the comments!👇

Helm Deep Dive: Creating Production-Ready Charts

Introduction

In Kubernetes environments, managing application deployments efficiently is crucial. Helm, the Kubernetes package manager, simplifies this process by providing a standardized way to define, install, and upgrade applications.

In this guide, we will build a production-ready Helm chart, ensuring reusability, parameterization, and best practices.

Step 1: Setting Up a Helm Chart

To begin, we create a new Helm chart:

helm create myapp
cd myapp

This command generates a default Helm chart structure, including templates/ for Kubernetes manifests and values.yaml for configuration management.

Step 2: Defining values.yaml

A well-structured values.yaml enables customization without modifying templates. Here’s an optimized configuration:

replicaCount: 2

image:
  repository: nginx
  tag: latest
  pullPolicy: IfNotPresent

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
  hosts:
    - host: myapp.local
      paths:
        - path: /
          pathType: ImplementationSpecific

resources:
  limits:
    cpu: 500m
    memory: 256Mi
  requests:
    cpu: 250m
    memory: 128Mi

autoscaling:
  enabled: false

serviceAccount:
  create: true
Click Here to Copy YAML

This structure allows flexibility in modifying configurations at runtime.

Step 3: Customizing Kubernetes Manifests

Next, we modify templates/deployment.yaml to dynamically use the values from values.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      containers:
        - name: nginx
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          ports:
            - containerPort: 80
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
Click Here to Copy YAML

This template ensures a scalable and parameterized deployment.

Step 4: Installing and Managing the Helm Chart

To install the Helm chart:

helm install myapp ./myapp

To update the deployment after modifying values.yaml:

helm upgrade myapp ./myapp

To uninstall and remove the release:

helm uninstall myapp

Conclusion

Using Helm for Kubernetes deployments provides several advantages:

✅ Modularity & Reusability: Define once, deploy multiple times with different values
✅ Scalability: Easily manage replicas, resources, and autoscaling configurations
✅ Simplified Upgrades & Rollbacks: Helm makes it easy to manage application lifecycles

By following best practices, we can ensure efficient, scalable, and production-ready deployments with Helm.

What’s your experience with Helm? Drop your thoughts in the comments!👇

Using Kustomize for Environment-Specific Kubernetes Configurations

Managing multiple environments (development, staging, production) in Kubernetes can be complex. Different environments require different configurations, such as replica counts, image versions, and resource limits. Kustomize provides a clean, native Kubernetes solution to manage these variations while keeping a single source of truth.

Why Use Kustomize?

  • Declarative approach – No need for external templating.
  • Layered configuration – Maintain a base config with environment-specific overlays.
  • Native Kubernetes integration – Directly used with kubectl apply -k.

Setting Up Kustomize Directory Structure

Kustomize uses a base-and-overlay pattern. We will create a base configuration that applies to all environments and overlays for dev, staging, and prod to customize them as needed.

Run the following to set up the directory structure:

mkdir -p kustomize/base kustomize/overlays/dev kustomize/overlays/staging kustomize/overlays/prod

Creating the Base Configuration

The base configuration includes the core Deployment and Service YAMLs.

Deployment (kustomize/base/deployment.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80
Click Here to Copy YAML

Service (kustomize/base/service.yaml)

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
Click Here to Copy YAML

Base kustomization.yaml (kustomize/base/kustomization.yaml)

resources:
  - deployment.yaml
  - service.yaml

Creating Environment-Specific Overlays

Now, let’s define overlays for dev, staging, and prod.

Dev Patch (kustomize/overlays/dev/deployment-patch.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  template:
    spec:
      containers:
        - name: nginx
          image: nginx:1.19
Click Here to Copy YAML

Staging Patch (kustomize/overlays/staging/deployment-patch.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 3
  template:
    spec:
      containers:
        - name: nginx
          image: nginx:1.21
Click Here to Copy YAML

Prod Patch (kustomize/overlays/prod/deployment-patch.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 5
  template:
    spec:
      containers:
        - name: nginx
          image: nginx:1.25
Click Here to Copy YAML

Defining Overlays

Each overlay references the base and applies environment-specific patches.

Dev kustomization.yaml (kustomize/overlays/dev/kustomization.yaml)

resources:
  - ../../base
patches:
  - path: deployment-patch.yaml

Staging kustomization.yaml (kustomize/overlays/staging/kustomization.yaml)

resources:
  - ../../base
patches:
  - path: deployment-patch.yaml

Prod kustomization.yaml (kustomize/overlays/prod/kustomization.yaml)

resources:
  - ../../base
patches:
  - path: deployment-patch.yaml

Applying the Configurations

To deploy the environment-specific configurations, use:

kubectl apply -k kustomize/overlays/dev/
kubectl apply -k kustomize/overlays/staging/
kubectl apply -k kustomize/overlays/prod/

Verify the deployments:

kubectl get deployments
kubectl get services

Conclusion

Kustomize simplifies Kubernetes configuration management by allowing environment-specific modifications while maintaining a single source of truth. With its patch-based approach, it avoids duplication and makes configurations easier to manage.

Have you used Kustomize before? How do you manage multiple Kubernetes environments? Let’s discuss in the comments!👇

Managing Kubernetes Resources with Pulumi: A Hands-on Guide

Introduction

Infrastructure as Code (IaC) is revolutionizing how we manage cloud-native applications, and Pulumi brings a unique advantage by allowing developers to define and deploy Kubernetes resources using familiar programming languages. Unlike YAML-heavy configurations, Pulumi enables us to programmatically create, manage, and version Kubernetes resources with Python, TypeScript, Go, and more.

In this guide, we’ll walk through deploying an Nginx application on Minikube using Pulumi with Python, ensuring a scalable, maintainable, and declarative approach to Kubernetes management.

Step 1: Installing Pulumi & Setting Up the Environment

Before we start, install Pulumi and its dependencies:

Install Pulumi

curl -fsSL https://get.pulumi.com | sh

Install Kubernetes CLI (kubectl) & Minikube

sudo apt install -y kubectl
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube

Start Minikube

minikube start

Step 2: Initialize a Pulumi Project

pulumi new kubernetes-python

During setup:

  • Project name: pulumi-k8s
  • Stack name: dev
  • Dependencies: Pulumi will install pulumi_kubernetes

Verify installation:

pulumi version
kubectl version --client

Step 3: Defining Kubernetes Resources in Python

Now, modify __main__.py to define an Nginx deployment and service using Pulumi:

Corrected __main__.py

import pulumi
import pulumi_kubernetes as k8s

# Define labels for the application
app_labels = {"app": "nginx"}

# Define the Deployment
deployment = k8s.apps.v1.Deployment(
    "nginx-deployment",
    metadata=k8s.meta.v1.ObjectMetaArgs(
        namespace="default",
        name="nginx-deployment",
        labels=app_labels,
    ),
    spec=k8s.apps.v1.DeploymentSpecArgs(
        replicas=2,
        selector=k8s.meta.v1.LabelSelectorArgs(
            match_labels=app_labels,
        ),
        template=k8s.core.v1.PodTemplateSpecArgs(
            metadata=k8s.meta.v1.ObjectMetaArgs(
                labels=app_labels,
            ),
            spec=k8s.core.v1.PodSpecArgs(
                containers=[
                    k8s.core.v1.ContainerArgs(
                        name="nginx",
                        image="nginx:latest",
                        ports=[k8s.core.v1.ContainerPortArgs(container_port=80)],
                    )
                ]
            ),
        ),
    ),
)

# Define a ClusterIP Service
service = k8s.core.v1.Service(
    "nginx-service",
    metadata=k8s.meta.v1.ObjectMetaArgs(
        namespace="default",
        name="nginx-service",
    ),
    spec=k8s.core.v1.ServiceSpecArgs(
        selector=app_labels,
        ports=[k8s.core.v1.ServicePortArgs(port=80, target_port=80)],
        type="ClusterIP",  # Ensures it is NOT a LoadBalancer
    ),
)

# Export the service name
pulumi.export("service_name", service.metadata.name)
Click Here to Copy Python

Step 4: Deploying the Kubernetes Resources

After defining the resources, apply them using:

pulumi up

This will:
✅ Create an Nginx Deployment with 2 replicas
✅ Create a ClusterIP Service
✅ Deploy everything to Minikube

To verify the deployment:

kubectl get all -n default

Step 5: Accessing the Application

Since we’re using ClusterIP, we need to port-forward to access the application:

kubectl port-forward svc/nginx-service 8080:80 -n default

Now, open http://localhost:8080 in your browser, and you should see the Nginx welcome page! 

Why Choose Pulumi Over YAML?

  • Programmatic Infrastructure – Use Python, TypeScript, Go, etc., instead of complex YAML.
  • Reusability & Automation – Write functions, use loops, and manage dependencies efficiently.
  • Version Control & CI/CD – Easily integrate with Git, Terraform, and GitHub Actions.

Conclusion

With Pulumi, managing Kubernetes infrastructure becomes developer-friendly and scalable. Unlike traditional YAML-based approaches, Pulumi enables real programming constructs, making it easier to define, update, and manage Kubernetes workloads efficiently.

What do you think? Have you used Pulumi before for Kubernetes? Let’s discuss in the comments!👇

Infrastructure as Code: Building Your Kubernetes Environment with Terraform

Introduction

Managing Kubernetes clusters manually can lead to configuration drift, inconsistencies, and operational overhead. By using Terraform, we can define Kubernetes resources declaratively, ensuring a version-controlled, reproducible, and scalable infrastructure.

In this post, we’ll walk through setting up a Kubernetes deployment using Terraform with a real-world example.

Why Terraform for Kubernetes?

✅ Declarative Approach – Define your infrastructure as code
✅ Version Control – Track changes using Git
✅ Reproducibility – Deploy identical environments
✅ Automation – Reduce manual configurations

Step 1: Install Terraform

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform

Verify the installation:

terraform -version

Step 2: Set Up Kubernetes Provider in Terraform

Now, let’s define our Terraform configuration for Kubernetes.

Create a new directory and files

mkdir terraform-k8s && cd terraform-k8s
touch main.tf

Terraform Configuration (main.tf)

provider "kubernetes" {
  config_path = "~/.kube/config"
}

resource "kubernetes_deployment" "nginx" {
  metadata {
    name = "nginx-deployment"
    labels = {
      app = "nginx"
    }
  }

  spec {
    replicas = 2

    selector {
      match_labels = {
        app = "nginx"
      }
    }

    template {
      metadata {
        labels = {
          app = "nginx"
        }
      }

      spec {
        container {
          name  = "nginx"
          image = "nginx:latest"
        }
      }
    }
  }
}

resource "kubernetes_service" "nginx_service" {
  metadata {
    name = "nginx-service"
  }

  spec {
    selector = {
      app = "nginx"
    }

    port {
      port        = 80
      target_port = 80
    }

    type = "NodePort"
  }
}
Click Here to Copy YAML

Step 3: Initialize Terraform

Run the following command to initialize Terraform:

terraform init

This will download the necessary Kubernetes provider.

Step 4: Validate the Configuration

Ensure there are no syntax errors:

terraform validate

Expected output:

Success! The configuration is valid.

Step 5: Deploy Kubernetes Resources

Run:

terraform apply -auto-approve

Terraform will create:

  • Deployment: Two replicas of an nginx pod
  • Service: A NodePort service exposing the pods

Step 6: Verify the Deployment

Check if the deployment is running:

kubectl get deployments

NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   2/2     2            2          1m

Check the service:

kubectl get svc

Access the service:

minikube service nginx-service --url

Step 7: Cleaning Up

To delete the deployment and service:

terraform destroy -auto-approve

Conclusion

Using Terraform to define Kubernetes resources brings consistency, automation, and version control to your infrastructure. By leveraging Infrastructure as Code (IaC), you eliminate manual errors and ensure smooth deployments across environments.

What’s your experience with Terraform for Kubernetes? Let’s discuss in the comments!👇