ConfigMap
What is ConfigMap and when is it used?
Think of it as a properties file for your application. For example, depending on your application environment (dev, int, prod) you will have a different database URL or logging level. This is the kind of setting you can put in a ConfigMap.
The biggest advantage is that with a properties file, every time you modify it you have to rebuild and redeploy your application, whereas if you change the configuration in a ConfigMap, you just need to restart the application pod/container.
A ConfigMap can be used by the application as a set of environment variable values or as an actual configuration file.
Example ConfigMap with database connection configuration:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-config
data:
  db-host: cluster-mysql.database
  # ConfigMap values must be strings, so the port number is quoted
  db-port: "3306"
  db-name: my-db
```
The values in this ConfigMap can be used in the following way in your app's pod specification:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: my-app
      image: my-app-image
      env:
        # each variable takes its value from one key of my-config
        - name: DB_HOST
          valueFrom:
            configMapKeyRef:
              name: my-config
              key: db-host
        - name: DB_PORT
          valueFrom:
            configMapKeyRef:
              name: my-config
              key: db-port
        - name: DB_NAME
          valueFrom:
            configMapKeyRef:
              name: my-config
              key: db-name
```
Here is an example ConfigMap which creates a configuration file for the Mosquitto app:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mosquitto-config
data:
  # the key becomes the file name, the block scalar its contents
  mosquitto.conf: |
    log_dest stdout
    log_type all
    log_timestamp true
    listener 9001
```
In this case we need to mount the ConfigMap as a volume in Kubernetes:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mosquitto
spec:
  containers:
    - name: mosquitto
      image: mosquitto-image
      volumeMounts:
        - name: config-file
          mountPath: /mosquitto/config
  volumes:
    - name: config-file
      configMap:
        name: mosquitto-config
```
This ConfigMap will produce a file mosquitto.conf, which can then be mounted into the Mosquitto container under the /mosquitto/config directory.
Secret
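Secrets are also used in these two ways: either as values for environment variables, or as a file with credentials, a certificate, etc. mounted into a pod.
So for a better comparison, think of Secrets as encrypted ConfigMaps, with one caveat: the values in the data section of the manifest are base64-encoded, not encrypted, and encryption at rest in etcd has to be enabled separately on the cluster.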
Example secret with key-value pairs:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  # values are base64-encoded and must keep their "=" padding
  db-user: dXNlcg==
  db-password: cGFzc3dvcmQ=
```
And you can use it the same way as a ConfigMap in your application's pod specification:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: my-app
      image: my-app-image
      env:
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: db-user
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: db-password
```
Here is an example secret that creates a file:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  cacert.pem: |
    base-64-encoded value of a PEM certificate
```
And again, just like with ConfigMap, you will need to mount this secret as a volume into the pod to use the cacert.pem file:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: my-app
      image: my-app-image
      volumeMounts:
        - name: certificate-file
          mountPath: /etc/secret
  volumes:
    - name: certificate-file
      # a Secret volume uses secret/secretName, not configMap/name
      secret:
        secretName: my-secret
```
The inconvenience of creating a Secret for a file this way is that you have to base64-encode the file contents and then paste the result into the data section.
An easier alternative is to create the Secret from a file with the kubectl command.
As in the above case, take the cacert.pem file and execute:
```bash
kubectl create secret generic my-secret --from-file=./cacert.pem
```
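If you do fill in the data section by hand, the value has to be the exact base64 of the secret, and anyone who can read the Secret can reverse it. The helpers below are an added example, not part of the original article; the function names encode_value, decode_value and check_value and the sample values are made up for illustration.

```sh
#!/bin/sh
# Added example: helpers for values that go under `data:` in a Secret manifest.

# Encode stdin as one unwrapped base64 line, the form `data:` expects.
encode_value() {
  base64 | tr -d '\n'
}

# Decode a `data:` value. No key is involved: base64 is encoding, not encryption.
decode_value() {
  printf '%s' "$1" | base64 -d
}

# Lint one `data:` value and print a verdict:
#   invalid          -> not padded standard base64 (returns 1)
#   trailing-newline -> decodes, but the plaintext ends in "\n"; normal for a
#                       PEM file, a bug for a password encoded with `echo`
#   ok               -> decodes cleanly
check_value() {
  v=$1
  case $v in
    # foreign characters, "=" in the middle, or more than two "=" at the end
    *[!A-Za-z0-9+/=]*|*=[!=]*|*===*) echo invalid; return 1 ;;
  esac
  # padded base64 always has a length that is a multiple of 4
  if [ $(( ${#v} % 4 )) -ne 0 ] || ! decode_value "$v" >/dev/null 2>&1; then
    echo invalid; return 1
  fi
  # hex of the last decoded byte; 0a is a newline
  last=$(decode_value "$v" | tail -c 1 | od -An -tx1 | tr -d ' \n')
  if [ "$last" = 0a ]; then echo trailing-newline; else echo ok; fi
}

# Constructed samples: a clean value, one with its padding dropped,
# and one produced with `echo password | base64`.
for sample in dXNlcg== cGFzc3dvcmQ cGFzc3dvcmQK; do
  printf '%-14s %s\n' "$sample" "$(check_value "$sample")"
done
```

Use `printf '%s' password | encode_value` rather than `echo` when encoding a password, so that no newline ends up inside the stored value.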