Deep Dive: Managing Secrets and ConfigMaps for Angular on Kubernetes

by

Deploying Angular applications on Kubernetes often requires managing sensitive data and configuration settings. Kubernetes provides two primary resources for this purpose: Secrets and ConfigMaps. Understanding how to effectively use these resources ensures your application remains secure and configurable.

Understanding ConfigMaps

ConfigMaps are used to store non-sensitive configuration data that your Angular app can consume at runtime. They enable you to decouple configuration from code, making updates easier without rebuilding your container images.

Creating a ConfigMap

You can create a ConfigMap using a YAML file or directly via kubectl. Here is an example YAML for an Angular app configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: angular-config
data:
  apiUrl: "https://api.example.com"
  featureFlag: "true"

Apply the ConfigMap with:

kubectl apply -f configmap.yaml

Understanding Secrets

Secrets are designed to store sensitive data such as API keys, tokens, or passwords. Unlike ConfigMaps, Secrets are encoded to provide an additional layer of security, though they should still be handled carefully.

Creating a Secret

You can create a Secret using YAML or kubectl. Here’s an example YAML for an API key:

apiVersion: v1
kind: Secret
metadata:
  name: api-secret
type: Opaque
data:
  apiKey:

Encode your secret value in base64 and apply with:

echo -n 'your-api-key' | base64
kubectl apply -f secret.yaml

Integrating Secrets and ConfigMaps into Angular

In your Kubernetes deployment, mount ConfigMaps and Secrets as environment variables or files. For example, in your deployment YAML:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: angular-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: angular
  template:
    metadata:
      labels:
        app: angular
    spec:
      containers:
      - name: angular-container
        image: your-angular-image
        env:
        - name: API_URL
          valueFrom:
            configMapKeyRef:
              name: angular-config
              key: apiUrl
        - name: API_KEY
          valueFrom:
            secretKeyRef:
              name: api-secret
              key: apiKey

Within your Angular application, access these environment variables at runtime to configure API endpoints and handle sensitive data securely.

Best Practices

  • Never hardcode sensitive data into your application code.
  • Use Secrets for API keys, passwords, and tokens.
  • Use ConfigMaps for non-sensitive configuration data.
  • Encrypt Secrets at rest if your cluster supports it.
  • Limit access to Secrets and ConfigMaps using RBAC policies.

Managing Secrets and ConfigMaps effectively enhances the security and flexibility of your Angular applications on Kubernetes. Proper handling ensures sensitive data remains protected while configuration updates can be made seamlessly.