Kubernetes: ConfigMaps and Secrets

Kubernetes solved the problem of externalizing configurations with ConfigMaps (for non-sensitive information) and Secrets (for sensitive information).  This blog is about creating Kubernetes ConfigMaps and Secrets for your microservices. I am going to be using my express sample application from https://github.com/vidhyachari/kubernetes-config.git. Also I am using my single node Kubernetes cluster on Minikube and PowerShell for all my commands. Let’s get started !


An application’s configuration changes between environments namely development, test, production and so on. You want your application to be portable between environments. This requires storing the configurations outside of the application. Kubernetes ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. ConfigMaps can be used to store database connection string information such as database name, port number, server information and AMQ broker names, AMQ queue/topic names etc.

Add the below code to the application’s server.js file:


Add the below code to the deployment config file.


Build docker image for your hello-express application with the below command:

docker build -t hello-express:latest .

Run command “docker images“. You should see the hello-express image as below:


I am going to define the port (8081) for my application via the configmap. Also I am defining a dummy string called stringval with some value. Now create the express-configmap.yaml as below:


Create the configmap with the below command:

kubectl create -f ./kubernetes-configurations/express-configmap.yaml


Create the deployment and service for the application as below:

kubectl create -f ./kubernetes-templates-yaml/deployment.yaml

kubectl create -f ./kubernetes-templates-yaml/service.yaml

List all the running pods using command “kubectl get pods” as shown below:


The below command will show the logs for the running hello-express pod:

kubectl logs hello-express-1111023652-ksns7


The port number the application is listening on was picked up from the configMap. You also see the string “ConfigMap Test” beeing printed in the logs that was defined in the configMap.

Display the contents of the configmap with the below command:

kubectl describe configmap express-configmap


Run command “minikube service hello-express“. This opens up the browser with your exposed service URL. Navigate to



Secrets are used for storing sensitive information like passwords, keys, tokens etc. Kubernetes creates and uses some secrets automatically (e.g. for accessing the API from a pod), but you can also create your own secret very easily. Secrets are obfuscated with a Base64 encoding.

Add the below code to server.js file to print the API_TOKEN value:


Note:  I am printing the secret on the console. This is just for demonstration purpose.

Add the below code to express-secrets.yaml file:


Create the secret with below command:

kubectl create -f ./kubernetes-configurations/express-secrets.yaml


Display the contents of the secret:

kubectl describe secret express-secrets


Run  “kubectl get pods” to list all the running pods.


Run the below command to see the logs for hello-express pod:

kubectl logs hello-express-1513590506-kfzr4


The value of the secret is picked up from the secret yaml file and printed on the console.

That’s all it takes to externalize your configurations !


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s