Configuration management

ConfigMap

kubectl create cm -h # Check the configuration information

Secret

Same as ConfigMap but use Base64 to encode (not commonly used，not secure as it can be easily decoded)

kubectl create secret -h # Check the configuration information

SubPath

When mounting a ConfigMap or Secret to a directory in a container, the operation will overwrite the entire target directory by default. If you only need to replace a specific file within that directory rather than the entire contents, you can use the subPath attribute to achieve this more granular file replacement.

1. Define Volumes with Specific Items:

Add the items attribute under volumes. Specify the key (the ConfigMap or Secret key) and the path (target file name inside the volume). Note: the path value should not start with /.

2. Mount in volumeMounts with subPath: In volumeMounts, specify the subPath attribute, setting its value to match items.path in the volumes definition.

---
containers:
  - name: your-container
    volumeMounts:
      - name: your-volume
        mountPath: /path/in/container/target-file
        subPath: specific-file  # matches path defined in volumes
volumes:
  - name: your-volume
    configMap:
      name: your-configmap
      items:
        - key: config-key
          path: specific-file  # path within the volume, not starting with /

Info

For sensitive service configuration files, it is often prohibited to make changes in a production environment. In such cases, you can set immutable: true when defining a ConfigMap to prevent any modifications to its data.