Understand Kubernetes ConfigMaps

Completed

In the application repository, there's a config file loaded in the index.html file to allow the environment variables to be updated without the need of a full image build.

The configuration file doesn't contain sensitive information, it just needs to be loaded along with the container. How can we mount the file in the container without the need of encryption or encoding?

Understand ConfigMaps

ConfigMaps are counterparts to Secrets. While Secrets provide a way to store and deliver sensitive data, ConfigMaps are objects that provide a way to store nonsensitive data using the same key-value structure as a Secret. The ConfigMaps object allows you to decouple configurations from container images so the images remain stateless.

You create a ConfigMap to store configuration data separately from the application code and load it similarly to how we load Secret objects in the Pod. You can only reference ConfigMaps by using an environment variable, or by mounting them as a file in a volume inside the container.

ConfigMaps have a data size limitation: you can hold up to 1 MiB of data in a ConfigMap. The size limitation helps you avoid large, complex configuration files by having you break large configurations into smaller chunks. With ConfigMaps, you can mount only the required configuration files in your containers, which allows for more granularity.

Like Secrets, ConfigMaps are namespaced. You can only access and mount a ConfigMap by using the containers present in the same namespace that it was created in.

ConfigMaps are also widely used by other tools, such as Helm and Kubernetes Operators, to store and read states.

ConfigMap updates

All ConfigMaps that are mounted as volumes inside a pod are automatically updated once their value is changed. This change might not occur immediately because of the Kubelet configuration, but it happens automatically so there's no need to restart the Pod.

When a ConfigMap is bound to environment variables, it isn't automatically updated. For these cases, it's necessary to restart the Pod for the changes to take effect.

Create and use ConfigMaps

You can create a ConfigMap using the same approach as a Secret: a YAML file. The ConfigMap specification is as follows:

apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap-name
  namespace: default
data:
  key-name: "value as key"
  key.name: |
    multi line
    property, called "file-like" values

You can reference ConfigMaps by one or more keys in the specification of a Pod or Deployment, as shown in the following example:

apiVersion: v1
kind: Pod
metadata:
  name: configmap-as-env
  namespace: default
spec:
  containers:
    - name: configmap-env
      image: alpine
      command: ["sleep", "3600"]
      env:
        - name: ENVIRONMENT_VARIABLE_NAME
          valueFrom:
            configMapKeyRef:
              name: configmap-name
              key: key-name

You can also mount them as files inside the pod using read-only volumes, as shown in the following example:

apiVersion: v1
kind: Pod
metadata:
  name: configmap-as-env
  namespace: default
spec:
  containers:
    - name: configmap-env
      image: alpine
      command: ["sleep", "3600"]
      volumeMounts:
      - name: volume-name
        mountPath: "/path/to/mount"
        readOnly: true
  volumes:
    - name: volume-name
      configMap:
        name: configmap-name
        items:
        - key: "key-name"
          path: "path/to/mount/the/key"

Check your knowledge

1.

Why should we use ConfigMaps?

2.

How can you use ConfigMaps in an application?

3.

Is the namespace a limitation for ConfigMaps?