Kubernetes: ConfigMaps

In Kubernetes, ConfigMaps provide a way to store configuration data in key-value pairs separately from the application code. They can be consumed by pods as environment variables, command-line arguments, or as configuration files in a volume. It is important to note that ConfigMaps should not be used to store confidential or sensitive data because it stores plain text in etcd. To use ConfigMaps in Kubernetes, first create a ConfigMap object, and then inject it into the Pod by referencing it in the Pod manifest file.

Kubernetes: ConfigMaps

Table of Contents

· ConfigMaps
  ∘ Analogy(Well-organized pantry)
· Short Name: cm
· Do Not Store Confidential Data
· ConfigMaps with YAML
  ∘ 1. Creat a ConfigMap Object
  ∘ 2. Inject ConfigMap into Pod
· Commands

ConfigMaps

In Kubernetes, a ConfigMap is an API resource used to store configuration data in key-value pairs. The ConfigMap allows you to separate your configuration from your application code, making it easier to manage and modify the configuration independently of the application code.

Pods can leverage ConfigMap in different ways, such as by using them as environment variables, passing them as command-line arguments, or mounting them as configuration files in a volume.

Analogy(Well-organized pantry)

In a busy restaurant kitchen, a chef needs to keep track of a wide variety of ingredients for their diverse menu. Trying to keep all of these ingredients organized and easily accessible can be overwhelming and lead to errors. That’s where a well-organized pantry with labeled containers comes in handy. Each container in the pantry is labeled with its contents, allowing the chef to easily find and use the ingredients they need for a particular dish. Similarly, in Kubernetes, a ConfigMap is like a pantry for your application’s configuration data. By storing your configuration separately in a ConfigMap, you can easily access and manage it, making it less prone to errors and easier to update when needed.

Short Name: cm

$ kubectl api-resources
NAME          SHORTNAMES   APIVERSION    NAMESPACED   KIND
configmaps    cm           v1            true         ConfigMap

Do Not Store Confidential Data

Do not store confidential data in ConfigMap

ConfigMaps are not designed to store confidential or sensitive data as they are not encrypted and can be accessed by any user with appropriate permissions. ConfigMaps are stored in plain text in etcd, which is a key-value store used by Kubernetes to store its data. This makes it vulnerable to unauthorized access and potential security breaches.

Instead, Kubernetes provides a separate resource called “Secrets” to store confidential data like passwords, tokens, or private keys. Secrets are encoded and stored in a similar way to ConfigMaps but are protected with additional security measures to prevent unauthorized access. It is recommended to use Secrets instead of ConfigMaps to store confidential or sensitive data.

ConfigMaps with YAML

Two steps to use ConfigMap in Kubernetes.

ConfigMap with YAML

1. Creat a ConfigMap Object

configmap.yaml

apiVersion: v1
kind: ConfigMap
metedata:
  name: <configMap_name>
data:
  <key1>: <value1>
  <key2>: <value2>
        :
  <keyM>: <valueM>

Run kubectl create command to create a ConfigMap object.

2. Inject ConfigMap into Pod

2.1 Environment variables

• Configure with all key-value pairs in a ConfigMap

pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: <pod_name>
  labels:
    <key1>: <value1>
    <key2>: <value2>
           :
           :
    <keyN>: <valueN>
spec:
  containers:
    - name: <container_name>
      image: <image>
      envFrom:
      - configMapRef:
          name: <configMap_name>

• Configure with a specified key-value pair from a ConfigMap

pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: <pod_name>
  labels:
    <key1>: <value1>
    <key2>: <value2>
           :
           :
    <keyN>: <valueN>
spec:
  containers:
    - name: <container_name>
      image: <image>
      env:
        - name: <environment_variable_name>
          valueFrom:
            configMapKeyRef:
              name: <configMap_name>
              key: <key_in_configMap>

2.2 Volume

pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: <pod_name>
  labels:
    <key1>: <value1>
    <key2>: <value2>
           :
           :
    <keyN>: <valueN>
spec:
  containers:
    - name: <container_name>
      image: <image>
      volumeMounts:
        - name: <volume_name>
          mountPath: <mount_path>
  volumes:
    - name: <volume_name>
      configMap:
        name: <configMap_name>

Commands

configMap commands

1. Create a new ConfigMap from literal values

$ kubectl create configmap <configMap_name> --from-literal=<key1>=<value1> 
  --from-literal=<key2>=<value2>

2. Create a new ConfigMap from a file located at the specified path

$  kubectl create configmap <configMap_name> --from-file=<path_to_file>

3. Create a new ConfigMap by specifying a manifest file containing the ConfigMap definition

$  kubectl create -f <configMap_name>.yaml

3. List all the ConfigMaps in the current namespace

$ kubectl get configmaps

4. View detailed information about the specified ConfigMap

$ kubectl describe configmap <configMap_name>

5. Open the specified ConfigMap in a text editor and modify its key-value pairs

$ kubectl edit configmap <configMap_name>

6. Delete the specified ConfigMap

$ kubectl delete configmap <configMap_name>

These are my personal notes for CKA exam preparation on Kubernetes. Please feel free to correct me if you notice any errors. 😊

Related Stories:

• Kubernetes: Understanding Kubernetes Architecture through a Restaurant Chef’s Analogy
• Kubernetes: Secrets

Reference:

ConfigMaps

Configure a Pod to Use a ConfigMap