Everyone needs to configure applications. In Docker we were using –env or –env-file for this no matter if we are working with sensitive information or just plain configuration.
Kubernetes provides us two separate objects for these use cases.The first one is ConfigMaps, which we can use for storing general configuration.The second one is Secrets, which as the name suggests is for storing sensitive information.The two are quite similar in usage and support a variety of use cases.
What is ConfigMap?
Kubernetes allows separating configuration options into a separate object called a ConfigMap, which is a map containing key-value pairs with the values ranging from short literals to full config files. ConfigMaps are an essential part of any Kubernetes cluster, which provides a robust method to store simple application or container data which can be frequently accessed. ConfigMaps are Kubernetes objects that can draw configuration information from other sources such as directories or files.
The data stored in a configmap cannot exceed 1MiB. If the data is more than this value, then we should use mounting a volume or use a separate database or file service.
How to create ConfigMap:
There are three ways by which we can create a configmap:
- Creating ConfigMaps from Directories:
We can use the following command to create ConfigMap directories.
First, let’s create a directory using this command-
Then we will download the required sample files to the directory. These files will be used to generate the ConfigMap.
When creating ConfigMaps using directories, the most important thing you should take care is that you have to correctly define the key-value pairs within each file. This command will package the files within the specified directory and create a ConfigMap file.
We can use the kubectl describe command to view the ConfigMap file.
- Creating ConfigMaps from files:
In the same way, we can also create ConfigMaps using files by using the –from-file parameter to point to a single file in the kubectl create configmap command.
We can describe configmap by-
We can use multiple –from-file if we want to create a single ConfigMap file using several different files.
- Creating ConfigMaps from an environment file:
In Kubernetes users can create ConfigMaps using env files. We can use the –from-env-file argument when defining an env file. This argument can also be used multiple times if you want to define multiple env files.
- Creating a ConfigMap from a file with a predefined key
When creating a ConfigMap, we will use –from-file argument to define a key name that will overwrite the file name used in the data section.
The following example demonstrates how to define a key while creating a ConfigMap.
- Creating ConfigMaps from values
Another way is to create ConfigMaps by providing literal values as parameters in the create configmap command. For this, we can use the –from-literal argument to pass each key pair.
What are Secrets?
Think about the situation if you want to store your sensitive data such as username, passwords which needs security.Therefore,to store and distribute such information, Kubernetes provides a separate object called secret. Secrets are much like ConfigMaps they also use to map that hold key-value pairs.
- Creating secrets by kubectl command:
Let’s first create two files and store admin and passwords.
And then create and get secret by using this command-
- Creating manifest file for secret:
And then run the following command:
The Main Difference between the two:
The big difference between Secrets and ConfigMaps is that Secrets uses Base64 encoding i.e it provides encryption. ConfigMaps do not provide any kind of encryption, and all the data in them is visible to anyone who has access to the file. It is good practice to use Secrets for confidential data (like API keys) and ConfigMaps for non-confidential data (like port numbers).
Conclusion:
In this blog, we have learned about Kubernetes ConfigMaps and secrets, including multiple ways that can be used to create ConfigMaps and secrets and how to utilize this in a Kubernetes Pod. If you liked this blog, do share it with your friends.Thank You for being here with me till the end.
Happy learning!