Why K8s Secret and ConfigMap are limited to 1MiB in size

Able Lv
2 min readSep 3, 2022

--

TLDR: The limit is 1MB from the etcd side which is where Kubernetes stores its objects. etcd is designed to handle small key value pairs typical for metadata. Larger requests may increase the latency of other requests.

The size of the individual K8s Secret and ConfigMap are limited to 1MiB, according to Kubernetes Documentation:

Secret Size Limit

Individual secrets are limited to 1MiB in size. This is to discourage creation of very large secrets that could exhaust the API server and kubelet memory. However, creation of many smaller secrets could also exhaust memory.

ConfigMap Size Limit

A ConfigMap is not designed to hold large chunks of data. The data stored in a ConfigMap cannot exceed 1 MiB. If you need to store settings that are larger than this limit, you may want to consider mounting a volume or use a separate database or file service.

etcd Rquest Size Limit

etcd is designed to handle small key value pairs typical for metadata. Larger requests will work, but may increase the latency of other requests.

Current etcd version have 1.5MB limit already, with ability to increase it:

By default, the maximum size of any request is 1.5 MiB. This limit is configurable through --max-request-bytes flag for etcd server.

--

--

Able Lv
Able Lv

Written by Able Lv

Cloud Infrastructure Engineer @Airwallex: Kubernetes, DevOps, SRE, Go, Terraform, Istio, and Cloud-Native stuff