Kubernetes 101 : ConfigMap and Secret

 Configuration files:

There are some applications that use a configuration file that contain for example, the ports to use, the allowed hosts, path to other components of the application, timeout paramater,....

In case we change a parameter in the configuration file and if the configuration file lives inside the application, we would need to rebuild  the application's image, push it to the repository, then pull it again.

To make the process easier, kubernetes uses a component called configMap.


A configMap is an external configuration file that doesn't live inside the application.

We connect the configMap to the pod by mounting it, so the pod can retrieve the parameters from the configMap file.

ConfigMap is created using a YAML file:

You can see the data is organized in terms of key, value.

Below the configMap information in the pod configuration file:

The configMap file is mounted inside the container in the mountPath, it is also mounted to the pod (Volumes section above).

When we want to change a parameter in an application, we just change it in the configMap file, we don't have to rebuild the whole image of the application.


A configuration file could contain critical data, like passwords and because configMap stores data in plain text, we can't use it for passwords or data that needs to be secured.

For this reason we use another kubernetes component called secret.

Secret file stores data in an encrypted format.

Below the YAML configuration file of the secret:

We can see the data is in an encrypted format.

We can connect the secret to the pod the same way we connect the configMap by mounting it on the pod and container, as you can see in the pod's configuration file below:

The secret file is mounted inside the container on the mountPath, it is also mounted onto the pod (Volumes section).



Leave as a comment: