kubernetes-101-configmap-secrets
Kubernetes 101 - ConfigMap & Secrets
January 5, 2023
Andrei Saizu

ūüĒĶ ConfigMap

A ConfigMap is used to store non-confidential data in key-value pairs.

They allow decoupling of environment-specific configuration from container images, so that the applications are easily portable.

Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

Definition:

apiVersion: v1

kind: ConfigMap

metadata:

   name: database-config

data:

   user: dev-user

   password: password

Usage:

apiVersion: v1

kind: Pod

metadata:

   name: mypod

spec:

   containers:

    - name: mypod

       image: redis

   volumeMounts:

    - name: foo

¬† ¬† ¬† mountPath: "/etc/db-config‚ÄĚ

       readOnly: true

   volumes:

    - name: db-config

      configMap:

          name: database-config

ūüĒĶ ¬†Secret

A Secret contains sensitive data such as a password, a token, or a key.

Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.

Definition:

apiVersion: v1

kind: Secret

metadata:

   name: database-config

stringData:

   username: admin

   password: t0p-Secret

Usage:

apiVersion: v1

kind: Pod

metadata:

   name: mypod

spec:

   containers:

    - name: mypod

       image: redis

   volumeMounts:

    - name: foo

¬† ¬† ¬† mountPath: "/etc/db-config‚ÄĚ

       readOnly: true

   volumes:

    - name: db-config

      secret:

          secretName: database-config

‚ĚóÔłŹYou need to bear in mind that:

  • Anyone with cluster access can retrieve or modify a Secret.
  • Secrets can be easily decrypted.

Usually, in a production environment, you would use a third party solution for confidential data management like Hashicorp Vault.

Follow the Kubernetes 101 series on mindit.io.

Check out new-spike.net for other articles on Kubernetes and much more! ūüöÄ

Talk to the team

ASK US SOMETHING OR JUST SAY HELLO, WE'RE HERE.
Contact