Main objective of Configuration

Kubernetes resources hold application configuration and secrets and make that configuration available to running applications.

Externalizing Application Configuration in Kubernetes

When deploying applications to Kubernetes, configuration management presents a challenge due to the immutable nature of containers. When running containerized applications, decoupling application and configuration code is of a higher priority than in traditional deployments. The recommended approach for containerized applications is to decouple the static application binaries from the dynamic configuration data and externalize the configuration. This separation ensures the portability of applications across many environments.

You must use the same application container image in all stages and have the configuration details specific to each environment outside the container image.

Secrets and Configuration Maps

It is important to create secrets to avoid compromising credentials and other sensitive information in your application. There are different secret types that enforce usernames and keys in the secret object. Some of them are: service account token, basic-auth, ssh-auth, tls, and opaque.

Configuration map resources are similar to secret resources, but they store nonsensitive data.

FEATURES

They can be referenced independently of their definition.

For security reasons, mounted volumes for these resources are backed by a temporary file storage facilities (tmpfs) and never stored on a node.

They are scoped to a namespace.

Deployments in Kubernetes can include resource limits to ensure the application gets enough resources or is restricted from using too many.