Using config maps with applications

Config maps allow you to decouple configuration artifacts from image content to keep containerized applications portable.

The following sections define config maps and how to create and use them.

For information on creating config maps, see Creating and using config maps.

Understanding config maps

Many applications require configuration by using some combination of configuration files, command line arguments, and environment variables. In OKD, these configuration artifacts are decoupled from image content to keep containerized applications portable.

The ConfigMap object provides mechanisms to inject containers with configuration data while keeping containers agnostic of OKD. A config map can be used to store fine-grained information like individual properties or coarse-grained information like entire configuration files or JSON blobs.

The ConfigMap object holds key-value pairs of configuration data that can be consumed in pods or used to store configuration data for system components such as controllers. For example:

ConfigMap Object Definition

  1. kind: ConfigMap
  2. apiVersion: v1
  3. metadata:
  4.   creationTimestamp: 2016-02-18T19:14:38Z
  5.   name: example-config
  6.   namespace: my-namespace
  7. data: (1)
  8.   example.property.1: hello
  9.   example.property.2: world
  10.   example.property.file: |-
  11.     property.1=value-1
  12.     property.2=value-2
  13.     property.3=value-3
  14. binaryData:
  15.   bar: L3Jvb3QvMTAw (2)
1Contains the configuration data.
2Points to a file that contains non-UTF8 data, for example, a binary Java keystore file. Enter the file data in Base 64.

You can use the binaryData field when you create a config map from a binary file, such as an image.

Configuration data can be consumed in pods in a variety of ways. A config map can be used to:

  • Populate environment variable values in containers

  • Set command-line arguments in a container

  • Populate configuration files in a volume

Users and system components can store configuration data in a config map.

A config map is similar to a secret, but designed to more conveniently support working with strings that do not contain sensitive information.

Config map restrictions

A config map must be created before its contents can be consumed in pods.

Controllers can be written to tolerate missing configuration data. Consult individual components configured by using config maps on a case-by-case basis.

ConfigMap objects reside in a project.

They can only be referenced by pods in the same project.

The Kubelet only supports the use of a config map for pods it gets from the API server.

This includes any pods created by using the CLI, or indirectly from a replication controller. It does not include pods created by using the OKD node’s --manifest-url flag, its --config flag, or its REST API because these are not common ways to create pods.

Use cases: Consuming config maps in pods

The following sections describe some uses cases when consuming ConfigMap objects in pods.

Populating environment variables in containers by using config maps

You can use config maps to populate individual environment variables in containers or to populate environment variables in containers from all keys that form valid environment variable names.

As an example, consider the following config map:

ConfigMap with two environment variables

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4.   name: special-config (1)
  5.   namespace: default (2)
  6. data:
  7.   special.how: very (3)
  8.   special.type: charm (3)
1Name of the config map.
2The project in which the config map resides. Config maps can only be referenced by pods in the same project.
3Environment variables to inject.

ConfigMap with one environment variable

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4.   name: env-config (1)
  5.   namespace: default
  6. data:
  7.   log_level: INFO (2)
1Name of the config map.
2Environment variable to inject.

Procedure

  • You can consume the keys of this ConfigMap in a pod using configMapKeyRef sections.

    Sample Pod specification configured to inject specific environment variables

    1. apiVersion: v1
    2. kind: Pod
    3. metadata:
    4.   name: dapi-test-pod
    5. spec:
    6.   containers:
    7.     - name: test-container
    8.       image: gcr.io/google_containers/busybox
    9.       command: [ "/bin/sh", "-c", "env" ]
    10.       env: (1)
    11.         - name: SPECIAL_LEVEL_KEY (2)
    12.           valueFrom:
    13.             configMapKeyRef:
    14.               name: special-config (3)
    15.               key: special.how (4)
    16.         - name: SPECIAL_TYPE_KEY
    17.           valueFrom:
    18.             configMapKeyRef:
    19.               name: special-config (3)
    20.               key: special.type (4)
    21.               optional: true (5)
    22.       envFrom: (6)
    23.         - configMapRef:
    24.             name: env-config (7)
    25.   restartPolicy: Never
    1Stanza to pull the specified environment variables from a ConfigMap.
    2Name of a pod environment variable that you are injecting a key’s value into.
    3Name of the ConfigMap to pull specific environment variables from.
    4Environment variable to pull from the ConfigMap.
    5Makes the environment variable optional. As optional, the pod will be started even if the specified ConfigMap and keys do not exist.
    6Stanza to pull all environment variables from a ConfigMap.
    7Name of the ConfigMap to pull all environment variables from.

    When this pod is run, the pod logs will include the following output:

    1. SPECIAL_LEVEL_KEY=very
    2. log_level=INFO

SPECIAL_TYPE_KEY=charm is not listed in the example output because optional: true is set.

Setting command-line arguments for container commands with config maps

You can use a config map to set the value of the commands or arguments in a container by using the Kubernetes substitution syntax $(VAR_NAME).

As an example, consider the following config map:

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4.   name: special-config
  5.   namespace: default
  6. data:
  7.   special.how: very
  8.   special.type: charm

Procedure

  • To inject values into a command in a container, you must consume the keys you want to use as environment variables. Then you can refer to them in a container’s command using the $(VAR_NAME) syntax.

    Sample pod specification configured to inject specific environment variables

    1. apiVersion: v1
    2. kind: Pod
    3. metadata:
    4.   name: dapi-test-pod
    5. spec:
    6.   containers:
    7.     - name: test-container
    8.       image: gcr.io/google_containers/busybox
    9.       command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ] (1)
    10.       env:
    11.         - name: SPECIAL_LEVEL_KEY
    12.           valueFrom:
    13.             configMapKeyRef:
    14.               name: special-config
    15.               key: special.how
    16.         - name: SPECIAL_TYPE_KEY
    17.           valueFrom:
    18.             configMapKeyRef:
    19.               name: special-config
    20.               key: special.type
    21.   restartPolicy: Never
    1Inject the values into a command in a container using the keys you want to use as environment variables.

    When this pod is run, the output from the echo command run in the test-container container is as follows:

    1. very charm

Injecting content into a volume by using config maps

You can inject content into a volume by using config maps.

Example ConfigMap custom resource (CR)

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4.   name: special-config
  5.   namespace: default
  6. data:
  7.   special.how: very
  8.   special.type: charm

Procedure

You have a couple different options for injecting content into a volume by using config maps.

  • The most basic way to inject content into a volume by using a config map is to populate the volume with files where the key is the file name and the content of the file is the value of the key:

    1. apiVersion: v1
    2. kind: Pod
    3. metadata:
    4.   name: dapi-test-pod
    5. spec:
    6.   containers:
    7.     - name: test-container
    8.       image: gcr.io/google_containers/busybox
    9.       command: [ "/bin/sh", "-c", "cat", "/etc/config/special.how" ]
    10.       volumeMounts:
    11.       - name: config-volume
    12.         mountPath: /etc/config
    13.   volumes:
    14.     - name: config-volume
    15.       configMap:
    16.         name: special-config (1)
    17.   restartPolicy: Never
    1File containing key.

    When this pod is run, the output of the cat command will be:

    1. very

  • You can also control the paths within the volume where config map keys are projected:

    1. apiVersion: v1
    2. kind: Pod
    3. metadata:
    4.   name: dapi-test-pod
    5. spec:
    6.   containers:
    7.     - name: test-container
    8.       image: gcr.io/google_containers/busybox
    9.       command: [ "/bin/sh", "-c", "cat", "/etc/config/path/to/special-key" ]
    10.       volumeMounts:
    11.       - name: config-volume
    12.         mountPath: /etc/config
    13.   volumes:
    14.     - name: config-volume
    15.       configMap:
    16.         name: special-config
    17.         items:
    18.         - key: special.how
    19.           path: path/to/special-key (1)
    20.   restartPolicy: Never
    1Path to config map key.

    When this pod is run, the output of the cat command will be:

    1. very