Kubernetes - ConfigMaps

Kubernetes allows you to run and manage applications in containers. However, when you need to update configurations like usernames, passwords, or URLs without modifying the application code, ConfigMaps provide an efficient solution. ConfigMaps separate application configuration from the application itself, making it easier to update or manage settings without restarting or altering the code.

In this article, you will learn what ConfigMaps are, and how to create and use them effectively in Kubernetes

What are Kubernetes ConfigMaps?

In Kubernetes, ConfigMap is an API object used to store non-confidential configuration data as key-value pairs. It allows you to separate configuration data from application code, making your applications more portable and environment-independent.

ConfigMaps can be used in multiple ways:

• As environment variables.
• As command-line arguments.
• As configuration files mounted inside the container.

This separation allows you to use the same container image across different environments (like local development or cloud) by simply changing the configuration. For example, you can set DATABASE_HOST to localhost in your local system, and to a Kubernetes service name in the cloud environment.

It’s important to note that ConfigMap does not provide encryption or secrecy, so it's suitable only for non-sensitive data. If you need to store confidential information, you should use Kubernetes Secrets.

Also, ConfigMap is not meant for large data storage:

• The maximum size limit is 1 MB.
• For larger data storage, you should use Kubernetes Volume

What is a Kubernetes ConfigMap used for?

We know that ConfigMap is an API object that is mainly used to store non-confidential data or configurations for other objects to use. Most of the Kubernetes objects have a specification, but ConfigMap has data and binary data fields. Key value pairs are accepted by these fields as values. The data field is used to store UTF-8 strings, while the binary data field is used to store binary data as base64-encoded strings. A valid DNS subdomain name should be given to ConfigMap. The key value that is recorded in the data field and the key value in the binaryData field cannot both be the same.

Without being available to Pods this way directly, it may be used by other components of the system. Data that is utilized for configuration by other system components may be stored in COnfigMap. ConfigMaps are most commonly used to config settings for containers running in a Pod present in the same namespace. We can even use ConfigMap separately. 

Where are ConfigMaps stored in Kubernetes?

ConfigMaps in Kubernetes are stored as API objects within the Kubernetes cluster's etcd datastore. They are managed by the Kubernetes API server and can be accessed and manipulated using the kubectl command-line tool or Kubernetes API.

How to use Kubernetes ConfigMaps - Examples

To create ConfigMaps in Kubernetes using YAML manifests, ensure the YAML file includes the apiVersion, kind, metadata, and data fields. The data field should contain key-value pairs representing the configuration data. Here's an example YAML manifest for creating a ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-config
data:
  database_host: "172.138.0.1"
  debug_mode: "1"
  log_level: "verbose"

Save this manifest to a file named config.yaml. Then, apply it to your Kubernetes cluster using.

kubectl apply -f config.yaml

This will create the ConfigMap object named demo-config with the specified data in your cluster.

1. Using data and binaryData fields

When defining ConfigMaps in Kubernetes YAML manifests, note that the values within the data field must be strings. However, if you need to store binary data, you can utilize the binaryData field instead. Here's an example illustrating this concept:

apiVersion: v1
kind: ConfigMap
metadata:
  name: binary-config
data:
  text-data: "This is a string value"
binaryData:
  binary-file: |
    U29tZSBiaW5hcnkgZGF0YQ==

In this YAML manifest, the data field contains a string value, while the binaryData field stores binary data represented by a base64-encoded string. This allows you to store both text and binary data within the same ConfigMap object.

2: Listing and inspecting ConfigMaps

To view the ConfigMaps you've created in Kubernetes, you can use the kubectl get command. Here's how you can do it:

kubectl get configmaps

This command will list every ConfigMap in your Kubernetes cluster, along with their names and other pertinent details, when it is executed in your terminal or command prompt.

You can use the kubectl describe command in Kubernetes to view the key-value pairs that are kept in a ConfigMap. This is how you do it:

kubectl describe configmap <configmap-name>

The name of the ConfigMap you wish to investigate should be substituted for <configmap-name>. This command will enable you to confirm the configuration data that has been stored by giving you comprehensive details about the given ConfigMap, including its key-value pairs.

Getting a ConfigMap’s Content as JSON

This command retrieves the ConfigMap named "test-config", extracts its data field, and formats the output using JSONPath. Then, the output is piped to the jq tool for better formatting and readability.

kubectl get configmap <configmap-name> -o=jsonpath='{.data}' | jq

3. Mounting ConfigMaps into Pods as volumes

We must first construct a ConfigMap in order to use it as a file in a pod. The command kubectl create configmap can be used to accomplish this. The ConfigMap must be mounted as a volume in the Pod once it has been generated. The volumes part of the Pod specification can be used to accomplish this.

For instance, the following Pod specification mounts a volume named my-configmap at the path /etc/configmap for a ConfigMap with the name my-configmap:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    volumeMounts:
    - name: configmap-volume
      mountPath: /etc/configmap
  volumes:
  - name: configmap-volume
    configMap:
      name: my-configmap

The containers in the Pod can access the files in the ConfigMap once the ConfigMap has been mounted into the Pod. These files can then be used by the containers to launch and operate.

Here is an illustration of how to use a container to access the files in a ConfigMap:

# Get a list of all the files in the ConfigMap
ls /etc/configmap
# Get the contents of a file in the ConfigMap
cat /etc/configmap/my-file.txt

4. Mounting ConfigMaps into Pods as command line arguments

In Kubernetes, you can mount ConfigMaps into Pods as files and then access those files as command-line arguments. This allows you to pass configuration data to your application without hardcoding it into your container image. Here's how you can achieve this:

1. Mount the ConfigMap into your Pod as a volume.
2. Access the configuration files from the mounted volume as command-line arguments.

Here's an example YAML configuration to illustrate this:

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - name: test-container
    image: <your-app-image>
    command: ["/bin/sh", "-c", "your-app-binary --config /mnt/test-config/config.properties"]
    volumeMounts:
    - name: config-volume
      mountPath: /mnt/test-config
  volumes:
  - name: config-volume
    configMap:
      name: test-config

• A ConfigMap named "test-config" is defined with a single key "config.properties", containing the application configuration.
• The Pod "test-pod" mounts the ConfigMap as a volume at "/mnt/test-config".
• The application container in the Pod executes a command that includes the configuration file "/mnt/test-config/config.properties" as a command-line argument.

5. Using Immutable ConfigMaps

Read-only ConfigMaps that are unmodifiable once created are known as immutable ConfigMaps in Kubernetes. They come in handy when you want to make sure that the configuration data does not alter or become inconsistent during the course of your application. Here is an example of using immutable ConfigMaps:

• Create a ConfigMap with the immutable flag set to true.
• Once created, you cannot modify the data or metadata of the ConfigMap.
• If you need to update the configuration data, create a new ConfigMap with the updated values.
• Update your Pods to use the new ConfigMap.

Here's an example YAML configuration to illustrate using immutable ConfigMaps:

apiVersion: v1
kind: ConfigMap
metadata:
  name: test-config
  annotations:
    immutable: "true" # Set the immutable flag to true
data:
  config.properties: |
    database_url=http://example.com/db
    debug_mode=true
    log_level=debug

kubectl apply -f test-config.yaml

• A ConfigMap named "test-config" is defined with the immutable flag set to true.
• The configuration data is specified under the "data" section as key-value pairs.
• Once created, any attempt to modify the "test-config" ConfigMap will result in an error.
• To update the configuration data, create a new ConfigMap with the desired changes and update your Pods to use the new ConfigMap.

By using immutable ConfigMaps, you can help prevent inadvertent modifications that can compromise the stability of your application and guarantee that its configuration stays consistent and dependable.

Understanding ConfigMap Updates

The configmaps can befig edited by using two ways one is by changing the config maps in the config file and by using the command kubectl edit configmap command. It will open the kubernetes configmaps file and there you can make the changes required in that file.

You can also use kubectl update configmap command. to update the config maps for example as shown below.

kubectl update configmap my-configmap --from-literal=key1=value1 --from-literal=key2=value2

• Data Mutation: Kubernetes applies modifications made to an updated ConfigMap to the current ConfigMap object. This implies that rather than producing a new item, the existing one is altered in-place. The modified configuration data is automatically sent to any pods referencing the updated ConfigMap.
• Pod Updates: When the ConfigMap is updated, pods that use ConfigMaps as environment variables or mount them as volumes are not automatically restarted. Consequently, until they are restarted or terminated, running pods continue to operate under the previous configuration.

How to Set Sensitive Config Values

Because ConfigMaps feature encryption, it isn't recommended to store private or sensitive data on them. ConfigMap data may be accessed by anyone with access to the cluster's etcd datastore. Use Secrets, which are made expressly for the safe transfer and maintaining of private information, for sensitive data.

ConfigMap vs Secrets