
Kubernetes ConfigMap and Secret explained


What is ConfigMap and when is it used?


ConfigMap


What is ConfigMap, and when is it used? 🤔 Think of it as a properties file for your application. For example, depending on your application environment (dev, int, prod), you will have a different database URL or logging level. For these kinds of settings, you can use a ConfigMap.


The biggest advantage is that, with the properties file, every time you modify it, you have to rebuild and redeploy your application. In contrast, if you change the configuration in a ConfigMap, you just need to restart the application pod/container.


A ConfigMap can be used by the application as a set of environment variable values or as an actual configuration file.


Example ConfigMap with database connection configuration:

Database connection configuration

The values in this ConfigMap can be used in the following way in your app's pod specification:

Pod specification

Here is an example ConfigMap, which creates a configuration file for the Mosquitto app:

Mosquitto configuration file

In this case, we need to mount the ConfigMap as a volume in Kubernetes:

ConfigMap as a volume in Kubernetes

This ConfigMap will produce a file mosquitto.conf, which can then be mounted into the Mosquitto container under the /mosquitto/config directory.


Secret


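Secrets 🔐 are also used in these 2 ways: either as a value for env variables, or as a secret file (credentials, a certificate, etc.) mounted into a pod.


So for a better comparison, think of secrets as encrypted ConfigMaps, with one caveat: by default the values are only base64-encoded, not encrypted, and they are stored encrypted in etcd only if encryption at rest is configured for the cluster.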


Example secret with key-value pairs:

Secret configuration

And you can use it the same way as ConfigMap in your application's configuration file:

Secret as a volume in Kubernetes

Here is an example secret that creates a file:

Secret that creates a file

And again, just like with ConfigMap, you will need to mount this secret as a volume into the pod to use the cacert.pem file:

Secret as a volume into the pod

The inconvenience with this way of creating a secret for a file is that you have to base64-encode the file contents and then paste the result into the data section.


So an easier alternative way to create secrets from a file is with the kubectl command. ✅


Like in the above case, get the cacert.pem file and execute:


kubectl create secret generic my-secret --from-file=./cacert.pem 
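
For comparison with the kubectl command above, here is the manual route (base64-encode the file and paste it under data) as shell functions. This is an added example, not from the original post: the helper names make_secret and read_secret_key and the sample file contents are constructed for illustration. It also shows that the stored value decodes back to the original file without any key.

```shell
#!/bin/sh
# Added example: build a Secret manifest from a file by hand, then decode it again.
# make_secret and read_secret_key are hypothetical helper names, not kubectl features.

# make_secret NAME FILE: print a Secret manifest for FILE on stdout.
make_secret() {
  name=$1
  file=$2
  # Use the file's basename as the data key, as --from-file does by default.
  key=$(basename "$file")
  # Some base64 implementations wrap their output; the YAML value must be one line.
  b64=$(base64 < "$file" | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  $key: $b64
EOF
}

# read_secret_key KEY: read a manifest on stdin and print the decoded value of KEY.
# No key or password is involved: base64 is an encoding, not encryption.
read_secret_key() {
  sed -n "s/^  $1: //p" | base64 -d
}

# Constructed sample input (not a real certificate).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo_dir/cacert.pem"

make_secret my-secret "$demo_dir/cacert.pem" > "$demo_dir/secret.yaml"
cat "$demo_dir/secret.yaml"
read_secret_key cacert.pem < "$demo_dir/secret.yaml"
```

Anyone who can read the manifest or the Secret object can run the same decode step, so keep such manifests out of version control and restrict read access to Secrets.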

