Understanding ConfigMaps

Many applications require configuration using some combination of configuration files, command line arguments, and environment variables. In OpenShift Dedicated, these configuration artifacts are decoupled from image content in order to keep containerized applications portable.

The ConfigMap object provides mechanisms to inject containers with configuration data while keeping containers agnostic of OpenShift Dedicated. A ConfigMap can be used to store fine-grained information like individual properties or coarse-grained information like entire configuration files or JSON blobs.

The ConfigMap API object holds key-value pairs of configuration data that can be consumed in Pods or used to store configuration data for system components such as controllers. For example:

ConfigMap Object Definition
kind: ConfigMap
apiVersion: v1
metadata:
  creationTimestamp: 2016-02-18T19:14:38Z
  name: example-config
  namespace: default
data: (1)
  example.property.1: hello
  example.property.2: world
  example.property.file: |-
    property.1=value-1
    property.2=value-2
    property.3=value-3
binaryData:
  bar: L3Jvb3QvMTAw (2)
1 Contains the configuration data.
2 Points to a file that contains non-UTF8 data, for example, a binary Java keystore file. Enter the file data in Base 64.

You can use the binaryData field when you create a ConfigMap from a binary file, such as an image.

Configuration data can be consumed in Pods in a variety of ways. A ConfigMap can be used to:

  • Populate environment variable values in containers

  • Set command-line arguments in a container

  • Populate configuration files in a volume

Users and system components can store configuration data in a ConfigMap.

A ConfigMap is similar to a secret, but designed to more conveniently support working with strings that do not contain sensitive information.

ConfigMap restrictions

A ConfigMap must be created before its contents can be consumed in Pods.

Controllers can be written to tolerate missing configuration data. Consult individual components configured by using ConfigMaps on a case-by-case basis.

ConfigMap objects reside in a project.

They can only be referenced by Pods in the same project.

The Kubelet only supports the use of a ConfigMap for Pods it gets from the API server.

This includes any Pods created by using the CLI, or indirectly from a replication controller. It does not include Pods created by using the OpenShift Dedicated node’s --manifest-url flag, its --config flag, or its REST API because these are not common ways to create Pods.

Creating a ConfigMap

You can use the following command to create a ConfigMap from directories, specific files, or literal values.

Procedure
  • Create a ConfigMap:

$ oc create configmap <configmap_name> [options]

Creating a ConfigMap from a directory

You can create a ConfigMap from a directory. This method allows you to use multiple files within a directory to create a ConfigMap.

Procedure

The following example procedure outlines how to create a ConfigMap from a directory.

  1. Start with a directory with some files that already contain the data with which you want to populate a ConfigMap:

    $ ls example-files
    Example output
    game.properties
    ui.properties
    $ cat example-files/game.properties
    Example output
    enemies=aliens
    lives=3
    enemies.cheat=true
    enemies.cheat.level=noGoodRotten
    secret.code.passphrase=UUDDLRLRBABAS
    secret.code.allowed=true
    secret.code.lives=30
    $ cat example-files/ui.properties
    Example output
    color.good=purple
    color.bad=yellow
    allow.textmode=true
    how.nice.to.look=fairlyNice
  2. Create a ConfigMap holding the content of each file in this directory by entering the following command:

    $ oc create configmap game-config \
        --from-file=example-files/

    When the --from-file option points to a directory, each file directly in that directory is used to populate a key in the ConfigMap, where the name of the key is the file name, and the value of the key is the content of the file.

    For example, the previous command creates the following ConfigMap:

    $ oc describe configmaps game-config
    Example output
    Name:           game-config
    Namespace:      default
    Labels:         <none>
    Annotations:    <none>
    
    Data
    
    game.properties:        158 bytes
    ui.properties:          83 bytes

    You can see that the two keys in the map are created from the file names in the directory specified in the command. Because the content of those keys might be large, the output of oc describe only shows the names of the keys and their sizes.

  3. Enter the oc get command for the object with the -o option to see the values of the keys:

    $ oc get configmaps game-config -o yaml
    Example output
    apiVersion: v1
    data:
      game.properties: |-
        enemies=aliens
        lives=3
        enemies.cheat=true
        enemies.cheat.level=noGoodRotten
        secret.code.passphrase=UUDDLRLRBABAS
        secret.code.allowed=true
        secret.code.lives=30
      ui.properties: |
        color.good=purple
        color.bad=yellow
        allow.textmode=true
        how.nice.to.look=fairlyNice
    kind: ConfigMap
    metadata:
      creationTimestamp: 2016-02-18T18:34:05Z
      name: game-config
      namespace: default
      resourceVersion: "407"-
      selflink: /api/v1/namespaces/default/configmaps/game-config
      uid: 30944725-d66e-11e5-8cd0-68f728db1985

Creating a ConfigMap from a file

You can create a ConfigMap from a file.

Procedure

The following example procedure outlines how to create a ConfigMap from a file.

If you create a configmap from a file, you can include files containing non-UTF8 data that are placed in this field without corrupting the non-UTF8 data. OpenShift Dedicated detects binary files and transparently encodes the file as MIME. On the server, the MIME payload is decoded and stored without corrupting the data.

You can pass the --from-file option multiple times to the CLI. The following example yields equivalent results to the creating from directories example.

  1. Create the ConfigMap specifying a specific file:

    $ oc create configmap game-config-2 \
        --from-file=example-files/game.properties \
        --from-file=example-files/ui.properties
  2. Verify the results:

    $ oc get configmaps game-config-2 -o yaml
    Example output
    apiVersion: v1
    data:
      game.properties: |-
        enemies=aliens
        lives=3
        enemies.cheat=true
        enemies.cheat.level=noGoodRotten
        secret.code.passphrase=UUDDLRLRBABAS
        secret.code.allowed=true
        secret.code.lives=30
      ui.properties: |
        color.good=purple
        color.bad=yellow
        allow.textmode=true
        how.nice.to.look=fairlyNice
    kind: ConfigMap
    metadata:
      creationTimestamp: 2016-02-18T18:52:05Z
      name: game-config-2
      namespace: default
      resourceVersion: "516"
      selflink: /api/v1/namespaces/default/configmaps/game-config-2
      uid: b4952dc3-d670-11e5-8cd0-68f728db1985

You can specify the key to set in a ConfigMap for content imported from a file. This can be set by passing a key=value expression to the --from-file option. For example:

  1. Create the ConfigMap specifying a key-value pair:

    $ oc create configmap game-config-3 \
        --from-file=game-special-key=example-files/game.properties
  2. Verify the results:

    $ oc get configmaps game-config-3 -o yaml
    Example output
    apiVersion: v1
    data:
      game-special-key: |- (1)
        enemies=aliens
        lives=3
        enemies.cheat=true
        enemies.cheat.level=noGoodRotten
        secret.code.passphrase=UUDDLRLRBABAS
        secret.code.allowed=true
        secret.code.lives=30
    kind: ConfigMap
    metadata:
      creationTimestamp: 2016-02-18T18:54:22Z
      name: game-config-3
      namespace: default
      resourceVersion: "530"
      selflink: /api/v1/namespaces/default/configmaps/game-config-3
      uid: 05f8da22-d671-11e5-8cd0-68f728db1985
    1 This is the key that you set in the preceding step.

Creating a ConfigMap from literal values

You can supply literal values for a ConfigMap.

Procedure

The --from-literal option takes a key=value syntax that allows literal values to be supplied directly on the command line.

  1. Create a ConfigMap specifying a literal value:

    $ oc create configmap special-config \
        --from-literal=special.how=very \
        --from-literal=special.type=charm
  2. Verify the results:

    $ oc get configmaps special-config -o yaml
    Example output
    apiVersion: v1
    data:
      special.how: very
      special.type: charm
    kind: ConfigMap
    metadata:
      creationTimestamp: 2016-02-18T19:14:38Z
      name: special-config
      namespace: default
      resourceVersion: "651"
      selflink: /api/v1/namespaces/default/configmaps/special-config
      uid: dadce046-d673-11e5-8cd0-68f728db1985

Use Cases: Consuming ConfigMaps in Pods

The following sections describe some uses cases when consuming ConfigMap objects in pods.

Populating environment variables in containers by using ConfigMaps

ConfigMaps can be used to populate individual environment variables in containers or to populate environment variables in containers from all keys that form valid environment variable names.

As an example, consider the following ConfigMaps:

ConfigMap with two environment variables
apiVersion: v1
kind: ConfigMap
metadata:
  name: special-config (1)
  namespace: default (2)
data:
  special.how: very (3)
  special.type: charm (3)
1 Name of the ConfigMap.
2 The project in which the ConfigMap resides. ConfigMaps can only be referenced by Pods in the same project.
3 Environment variables to inject.
ConfigMap with one environment variable
apiVersion: v1
kind: ConfigMap
metadata:
  name: env-config (1)
  namespace: default
data:
  log_level: INFO (2)
1 Name of the ConfigMap.
2 Environment variable to inject.
Procedure
  • You can consume the keys of this ConfigMap in a Pod using configMapKeyRef sections.

    Sample Pod specification configured to inject specific environment variables
    apiVersion: v1
    kind: Pod
    metadata:
      name: dapi-test-pod
    spec:
      containers:
        - name: test-container
          image: gcr.io/google_containers/busybox
          command: [ "/bin/sh", "-c", "env" ]
          env: (1)
            - name: SPECIAL_LEVEL_KEY (2)
              valueFrom:
                configMapKeyRef:
                  name: special-config (3)
                  key: special.how (4)
            - name: SPECIAL_TYPE_KEY
              valueFrom:
                configMapKeyRef:
                  name: special-config (3)
                  key: special.type (4)
                  optional: true (5)
          envFrom: (6)
            - configMapRef:
                name: env-config (7)
      restartPolicy: Never
    1 Stanza to pull the specified environment variables from a ConfigMap.
    2 Name of a Pod environment variable that you are injecting a key’s value into.
    3 Name of the ConfigMap to pull specific environment variables from.
    4 Environment variable to pull from the ConfigMap.
    5 Makes the environment variable optional. As optional, the Pod will be started even if the specified ConfigMap and keys do not exist.
    6 Stanza to pull all environment variables from a ConfigMap.
    7 Name of the ConfigMap to pull all environment variables from.

    When this Pod is run, the Pod logs will include the following output:

    SPECIAL_LEVEL_KEY=very
    log_level=INFO

SPECIAL_TYPE_KEY=charm is not listed in the example output because optional: true is set.

Setting command-line arguments for container commands with ConfigMaps

A ConfigMap can also be used to set the value of the commands or arguments in a container. This is accomplished by using the Kubernetes substitution syntax $(VAR_NAME). Consider the following ConfigMaps:

apiVersion: v1
kind: ConfigMap
metadata:
  name: special-config
  namespace: default
data:
  special.how: very
  special.type: charm
Procedure
  • To inject values into a command in a container, you must consume the keys you want to use as environment variables, as in the consuming ConfigMaps in environment variables use case. Then you can refer to them in a container’s command using the $(VAR_NAME) syntax.

    Sample Pod specification configured to inject specific environment variables
    apiVersion: v1
    kind: Pod
    metadata:
      name: dapi-test-pod
    spec:
      containers:
        - name: test-container
          image: gcr.io/google_containers/busybox
          command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ] (1)
          env:
            - name: SPECIAL_LEVEL_KEY
              valueFrom:
                configMapKeyRef:
                  name: special-config
                  key: special.how
            - name: SPECIAL_TYPE_KEY
              valueFrom:
                configMapKeyRef:
                  name: special-config
                  key: special.type
      restartPolicy: Never
    1 Inject the values into a command in a container using the keys you want to use as environment variables.

    When this Pod is run, the output from the echo command run in the test-container container is as follows:

    very charm

Injecting content into a volume by using ConfigMaps

You can inject content into a volume by using ConfigMaps.

Example ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: special-config
  namespace: default
data:
  special.how: very
  special.type: charm
Procedure

You have a couple different options for injecting content into a volume by using ConfigMaps.

  • The most basic way to inject content into a volume by using a ConfigMap is to populate the volume with files where the key is the file name and the content of the file is the value of the key:

    apiVersion: v1
    kind: Pod
    metadata:
      name: dapi-test-pod
    spec:
      containers:
        - name: test-container
          image: gcr.io/google_containers/busybox
          command: [ "/bin/sh", "cat", "/etc/config/special.how" ]
          volumeMounts:
          - name: config-volume
            mountPath: /etc/config
      volumes:
        - name: config-volume
          configMap:
            name: special-config (1)
      restartPolicy: Never
    1 File containing key.

    When this pod is run, the output of the cat command will be:

    very
  • You can also control the paths within the volume where ConfigMap keys are projected:

    apiVersion: v1
    kind: Pod
    metadata:
      name: dapi-test-pod
    spec:
      containers:
        - name: test-container
          image: gcr.io/google_containers/busybox
          command: [ "/bin/sh", "cat", "/etc/config/path/to/special-key" ]
          volumeMounts:
          - name: config-volume
            mountPath: /etc/config
      volumes:
        - name: config-volume
          configMap:
            name: special-config
            items:
            - key: special.how
              path: path/to/special-key (1)
      restartPolicy: Never
    1 Path to ConfigMap key.

    When this pod is run, the output of the cat command will be:

    very