
Kubernetes Secrets vs ConfigMaps

Tags: kubernetes

Have been using Kubernetes secrets up to date. Now we have ConfigMaps as well.

What is the preferred way forward - secrets or config maps?

P.S. After a few iterations we have stabilised at the following rule:

  • configMaps are per solution domain (can be shared across microservices within the domain, but ultimately are single purpose config entries)

  • secrets are shared across solution domains, usually represent third party systems or databases

Evgeny Minkevich asked Apr 28 '16 10:04




2 Answers

I'm the author of both of these features. The idea is that you should:

  1. Use Secrets for things which are actually secret like API keys, credentials, etc
  2. Use ConfigMaps for not-secret configuration data

In the future, there will likely be some differentiators for secrets like rotation or support for backing the secret API w/ HSMs, etc. In general, we like intent-based APIs, and the intent is definitely different for secret data vs. plain old configs.

Hope that helps.

Paul Morie answered Oct 06 '22 19:10
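A check that applies the rule from the answer above (secret material belongs in Secrets, not ConfigMaps), added here as an example; it is not part of the original answer or of Kubernetes itself. It scans manifests in the JSON form that `kubectl get configmaps -o json` produces; the function name, the patterns and the sample manifest are assumptions constructed for illustration.

```python
import json
import re

# Heuristic key names that usually indicate credential material (assumed list).
SECRET_KEY_RE = re.compile(
    r"(passw(or)?d|secret|token|api[_-]?key|private[_-]?key|credential)", re.I)
# Value shapes that indicate credentials regardless of the key name.
SECRET_VALUE_RES = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),          # PEM private key
    re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@"),    # URL with user:password@
]

def audit_configmaps(manifest):
    """Return sorted (namespace/name, key, reason) findings for ConfigMaps
    whose data looks like it should live in a Secret instead."""
    items = manifest["items"] if manifest.get("kind") == "List" else [manifest]
    findings = []
    for obj in items:
        if obj.get("kind") != "ConfigMap":
            continue  # Secrets are the intended home for such data; skip them
        meta = obj.get("metadata", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        for key, value in (obj.get("data") or {}).items():
            if SECRET_KEY_RE.search(key):
                findings.append((ref, key, "key name"))
            elif any(rx.search(value) for rx in SECRET_VALUE_RES):
                findings.append((ref, key, "value shape"))
    return sorted(findings)

# Constructed sample input; names and values are placeholders, not real credentials.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ConfigMap", "metadata": {"name": "billing-config", "namespace": "billing"},
   "data": {"LOG_LEVEL": "info", "DB_PASSWORD": "example-only",
            "DATABASE_URL": "postgres://app:example-only@db:5432/billing"}},
  {"kind": "Secret", "metadata": {"name": "billing-db", "namespace": "billing"},
   "data": {"password": "ZXhhbXBsZS1vbmx5"}},
  {"kind": "ConfigMap", "metadata": {"name": "ui-config", "namespace": "web"},
   "data": {"FEATURE_FLAGS": "dark-mode", "API_URL": "https://api.example.test/v1"}}
]}
""")

if __name__ == "__main__":
    for ref, key, reason in audit_configmaps(SAMPLE):
        print(f"{ref}: '{key}' looks secret ({reason}); move it to a Secret")
```

The patterns are name and shape heuristics, so a clean result does not prove a ConfigMap is free of sensitive data.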


One notable difference in the implementation is that kubectl apply -f:

  • ConfigMaps are "unchanged" if the data hasn't changed.
  • Secrets are always "configured" - even if the file hasn't changed

Michael Cole answered Oct 06 '22 19:10