Configuration Management
In Kubernetes, it is important to separate application code from configuration. This makes applications more portable and easier to manage. Kubernetes provides two main resources for managing configuration: ConfigMaps and Secrets.
ConfigMaps
A ConfigMap is a Kubernetes object used to store non-confidential configuration data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.
Creating a ConfigMap
You can create a ConfigMap from a file, a directory, or from literal values.
-
From a file:
kubectl create configmap my-config --from-file=my-config.properties -
From literal values:
kubectl create configmap my-config --from-literal=app.name=my-app --from-literal=app.version=1.0
Using a ConfigMap in a Pod
Here is an example of how to mount a ConfigMap as a volume in a Pod:
apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
containers:
- name: my-container
image: my-image
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: my-config
Secrets
A Secret is a Kubernetes object used to store sensitive information, such as passwords, OAuth tokens, and ssh keys. Secrets are similar to ConfigMaps, but they are stored in a more secure way.
Creating a Secret
You can create a Secret from a file or from literal values.
- From literal values:
The values are automatically base64 encoded.
kubectl create secret generic my-secret --from-literal=username=my-user --from-literal=password='my-password'
Using a Secret in a Pod
Here is an example of how to use a Secret as an environment variable in a Pod:
apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
containers:
- name: my-container
image: my-image
env:
- name: MY_USERNAME
valueFrom:
secretKeyRef:
name: my-secret
key: username
- name: MY_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: password