ConfigMap & Secrets
The Kubernetes ConfigMap is a Kubernetes API resource that lets you store non-confidential configuration data for your applications. It decouples configuration from your application code, so you can change configuration settings without having to edit and relaunch your program.
ConfigMaps store data in a key-value format, making them a good fit for environment settings, endpoint URLs, and other application configuration parameters.
When a ConfigMap is used, the program can access the stored configuration through environment variables or through files mounted directly into the container.
Secret
A Kubernetes Secret is an object that stores and manages sensitive information like passwords, API keys, tokens, or any other secret data. Secrets, like ConfigMaps, enable you to segregate sensitive information from your application code.
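Unlike ConfigMaps, Secrets are built explicitly for storing secret data and offer additional security safeguards.
Similar to ConfigMaps, Secrets are key-value pairs, with the values in the data field base64-encoded. Base64 is an encoding, not encryption: anyone who can read the Secret object can decode it, so the protection comes from restricting who can read Secrets (RBAC) and from enabling encryption at rest, not from the encoding.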
Applications retrieve sensitive data through file mounts or environment variables when accessing Secrets, just like they do with ConfigMaps.
What are the differences between ConfigMaps and Secrets?
ConfigMaps are typically used for non-sensitive configuration data, while Secrets are used for storing sensitive information.
ConfigMaps store data as plain key-value pairs, whereas Secrets store values base64-encoded. The encoding lets a Secret carry arbitrary binary data; it is reversible without a key and is not a security control by itself.
ConfigMaps are typically used to store configuration data, such as environment variables, while Secrets store sensitive data, such as passwords and API keys.
Working with ConfigMaps
Create ConfigMap
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
data:
  key1: value1
  key2: value2
```
Using environment variables with ConfigMaps
```
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        # Each variable takes its value from one key of the ConfigMap
        - name: KEY1
          valueFrom:
            configMapKeyRef:
              name: my-configmap
              key: key1
        - name: KEY2
          valueFrom:
            configMapKeyRef:
              name: my-configmap
              key: key2
```
Mounting ConfigMaps as volumes
```
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes:
    - name: config-volume
      configMap:
        name: my-configmap
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        # Each ConfigMap key appears as a file under /etc/config
        - name: config-volume
          mountPath: /etc/config
```
Managing Secrets
Create Secret
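```
# Secret is a core API resource, so apiVersion is v1 (not apps/v1)
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  # Placeholders: replace with the base64-encoded values
  username: xxxxxx
  password: xxxxxxxx
```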
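An added example, not part of the original page: a Python script (function names are hypothetical, sample values are constructed) that builds the data map for a Secret like my-secret, checks a manifest for a wrong apiVersion and for values that are not valid base64, and decodes the values back to show that no key is needed to read them.

```python
import base64
import binascii
import json


def encode_secret_data(plaintext):
    """Build a Secret's `data` map: every value base64-encoded."""
    return {k: base64.b64encode(v.encode("utf-8")).decode("ascii")
            for k, v in plaintext.items()}


def lint_secret(manifest):
    """Return a list of problems that keep the manifest from being applied."""
    problems = []
    if manifest.get("kind") != "Secret":
        problems.append("kind must be Secret")
    if manifest.get("apiVersion") != "v1":
        problems.append("Secret is a core resource: apiVersion must be v1")
    for key, value in manifest.get("data", {}).items():
        try:
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"data.{key} is not valid base64")
    return problems


def decode_secret_data(manifest):
    """Recover the raw bytes of every value; base64 is reversible without a key."""
    return {k: base64.b64decode(v, validate=True)
            for k, v in manifest.get("data", {}).items()}


# Constructed sample values, not real credentials.
SAMPLE = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "my-secret"},
    "type": "Opaque",
    "data": encode_secret_data({"username": "admin",
                                "password": "example-password"}),
}

if __name__ == "__main__":
    # kubectl apply -f accepts JSON manifests as well as YAML.
    print(json.dumps(SAMPLE, indent=2))
    print("lint:", lint_secret(SAMPLE))
    print("decoded:", decode_secret_data(SAMPLE))
```

Anyone with get access to the Secret can run the equivalent of decode_secret_data, which is why read access to Secrets should be granted narrowly.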
Using Secrets as environment variables
```
# Pod is a core API resource, so apiVersion is v1 (not apps/v1)
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        # The container sees the decoded value, not the base64 text
        - name: SECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: SECRET_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
```
Mounting Secrets as volumes
```
# Pod is a core API resource, so apiVersion is v1 (not apps/v1)
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes:
    - name: secret-volume
      secret:
        secretName: my-secret
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        # Each Secret key appears as a file under /etc/secret
        - name: secret-volume
          mountPath: /etc/secret
          readOnly: true
```
Sample Deployment File with CM and Secrets
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-container
          image: my-image
          env:
            - name: CONFIG_VALUE
              valueFrom:
                configMapKeyRef:
                  name: my-configmap
                  key: key1
            - name: SECRET_VALUE
              valueFrom:
                secretKeyRef:
                  name: my-secret
                  key: username
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
            - name: secret-volume
              mountPath: /etc/secret
      volumes:
        - name: config-volume
          configMap:
            name: my-configmap
        - name: secret-volume
          secret:
            secretName: my-secret
```