Scribd
Upload
17 views4 pages

Config Map

Uploaded by

Samrat Sharma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views4 pages

Config Map

Uploaded by

Samrat Sharma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Config Map

In Kubernetes, a ConfigMap is an API object that allows you to store configuration data in key-value pairs. It is
used to decouple configuration artifacts from container image content, making your applications easier to
manage and more flexible.

Key Features:
1. Decoupling configuration: ConfigMaps allow you to keep configuration separate from code, which makes
managing different environments (e.g., dev, test, prod) easier.

2. Multiple usage methods: You can inject ConfigMap data into your application in different ways:

As environment variables.

As command-line arguments.

As configuration files mounted inside the container.

Difference Between ConfigMap and Secrets


ConfigMap Secrets

Stores non-sensitive data like configuration Stores sensitive data like passwords, API keys,
settings (e.g., API URLs, log levels). and certificates.

Data is stored in plain text (not encrypted). Data is base64-encoded and can be encrypted
at rest.
Used for general configuration information.
Access to Secrets is more secure with RBAC
and encryption options.

Key Differences:
ConfigMaps: For non-sensitive data, stored in plain text.

Secrets: For sensitive data, stored securely with encryption options and stricter access control.

Example of ConfigMap and Secrets

apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: Secret
metadata: metadata:
name: my-config name: my-secret
data: type: Opaque
app-config: "dev" data:
log-level: "debug" username: YWRtaW4= # base64 encoded string for "admin
password: MWYyZDFlMmU2N2Rm # base64 encoded string for

How to Create ConfigMap


1. First need to create file ( i.e. Configmap.yml )

apiVersion: v1
kind: ConfigMap
metadata:
name: my-config

Config Map 1
data:
db-port: "3306"

2. Create a ConfigMap by applying “kubectl apply -f configmap.yml” then now configmap is being create.
We can check it by kubectl describe cm my-config

3. Then we need to create pods along with referring and getting the environment variable value

apiVersion: apps/v1
kind: Deployment
metadata:
name: sample-python-app
labels:
app: sample-python-app

spec:
replicas: 2
selector:
matchLabels:
app: sample-python-app

template:
metadata:
labels:
app: sample-python-app

spec:
containers:
- name: python-app
image: rohit5683/python-demo-app:v1

env:
- name: DB-PORT
valueFrom:
configMapKeyRef:
name: my-config
key: db-port
ports:
- containerPort: 8000

4. To Check whether the ENV is created inside the pod or not.

kubectl exec -it <pod-name> --/bin/bash

env | grep DB

DB-PORT=3306

How to create Secret


1. create a secret.yaml file:

apiVersion: v1
kind: Secret

Config Map 2
metadata:
name: my-secret
type: Opaque
data:
username: bXl1c2Vy
password: bXlwYXNzd29yZA==

2. Apply the YAML file:

kubectl apply -f secret.yaml

3. Access the Secret Inside a Pod


You can access the Secret in a pod in two ways: as environment variables or mounted as a volume.

a. Accessing Secret as Environment Variables: You can inject the Secret values as environment
variables in the pod.
Example pod.yaml :

apiVersion: apps/v1
kind: Deployment
metadata:
name: sample-python-app
labels:
app: sample-python-app

spec:
replicas: 2
selector:
matchLabels:
app: sample-python-app

template:
metadata:
labels:
app: sample-python-app

spec:
containers:
- name: python-app
image: rohit5683/python-demo-app:v1

env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: my-secret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: password
- containerPort: 8000

Config Map 3
b. Mounting Secret as a Volume: You can also mount the Secret as a volume so that its data is available
as files in the container.
Example pod.yaml :

apiVersion: apps/v1
kind: Deployment
metadata:
name: sample-python-app
labels:
app: sample-python-app

spec:
replicas: 2
selector:
matchLabels:
app: sample-python-app

template:
metadata:
labels:
app: sample-python-app

spec:
containers:
- name: python-app
image: rohit5683/python-demo-app:v1

volumeMounts:
- name: secret-volume
mountPath: /etc/secret
volumes:
- name: secret-volume
secret:
secretName: my-secret

- containerPort: 8000

4. Verify the Secret in the Pod

If injected as environment variables:

kubectl exec my-pod -- env

If mounted as a volume:

kubectl exec my-pod -- cat /etc/secret/username

Config Map 4

You might also like