Kubernetes ConfigMap and Secret explained
What is ConfigMap, and when is it used? 🤔 Think of it as a properties file for your application. For example, depending on your application environment (dev, int, prod), you will have a different database URL or logging level. So for these kinds of things, you can use configMap.
The biggest advantage is that, with the properties file, every time you modify it, you have to rebuild and redeploy your application. In contrast, if you change the configuration in configMap, you just need to restart the application pod/container.
ConfigMap can be used by the application as a set of environmental variable values or as an actual configuration file.
Example ConfigMap with database connection configuration:
The values in this configMap can be used in the following way in your app's pod specification:
Here is an example ConfigMap, which creates a configuration file for the Mosquito app:
In this case, we need to mount the ConfigMap as a volume in Kubernetes:
This config map will produce a file mosquito. conf, which then can be mounted into the Mosquito container under the /mosquito/config directory.
Secrets 🔐 are also used in these 2 ways. Either as a value for env variables or as a secret file with credentials or a certificate etc, mounted into a pod.
So for a better comparison, think of secrets as encrypted configMaps.
Example secret with key-value pairs:
And you can use it the same way as ConfigMap in your application's configuration file:
Here is an example secret that creates a file:
And again, just like with ConfigMap, you will need to mount this secret as a volume into the pod to use the cacert.pem file:
The inconvenience with this way of creating a secret for a file is that you will have to base64 encode the file contents and then paste it into the data section.
So an easier alternative way to create secrets from a file is with kubectl command. ✅
Like in the above case, get the cacert.pem file and execute:
kubectl create secret generic my-secret --from-file=./cacert.pem
Thanks for reading 👩🏻💻 and click on ❤️ if you learned something. 🤓
You can learn more about Kubernetes and other DevOps technologies on my Youtube channel 👏
More about Kubernetes Components: