Configuration
ConfigMaps and Secrets for application configuration
Overview
Kubernetes provides two primary mechanisms for configuration: ConfigMaps for non-sensitive data and Secrets for sensitive data. This section covers how to manage application configuration in Kubernetes.
Study Path
- ConfigMaps - Non-sensitive configuration
- Secrets - Sensitive data management
- Configuration Patterns - Best practices
Quick Comparison
| Aspect | ConfigMap | Secret |
|---|---|---|
| Purpose | Non-sensitive config | Sensitive data |
| Encoding | Plain text | Base64 (not encrypted by default) |
| Visibility | Visible to anyone with access | Should be RBAC-protected |
| Use Case | Config files, environment variables | Passwords, keys, tokens |
Quick Reference
Common Commands
```bash
# ConfigMaps
kubectl create configmap my-config --from-file=config.yaml
kubectl get configmaps
kubectl describe configmap my-config
kubectl delete configmap my-config

# Secrets
kubectl create secret generic my-secret --from-literal=password=mypass
kubectl get secrets
kubectl describe secret my-secret
kubectl delete secret my-secret
```
Using in Pods
```yaml
# As environment variables (set on each container, under spec.containers[])
envFrom:
  - configMapRef:
      name: app-config
  - secretRef:
      name: app-secret

# As volumes (set on the Pod, under spec.volumes)
volumes:
  - name: config
    configMap:
      name: app-config
  - name: secrets
    secret:
      secretName: app-secret
```
Best Practices
- Never commit Secrets to git
- Use volume mounts for Secrets (not environment variables)
- Encrypt Secrets at rest (enable KMS encryption)
- Rotate Secrets regularly
- Use RBAC to restrict access
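
To check the volume-mount practice against running workloads, the following added example (not part of the original page) scans pod specs shaped like `kubectl get pods -o json` output and reports every container that receives a Secret through environment variables. The function name `secrets_in_env` and the sample pods are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get pods -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "web"},
   "spec": {
     "initContainers": [
       {"name": "migrate",
        "env": [{"name": "DB_PASS",
                 "valueFrom": {"secretKeyRef": {"name": "app-secret", "key": "password"}}}]}],
     "containers": [
       {"name": "app",
        "envFrom": [{"configMapRef": {"name": "app-config"}},
                    {"secretRef": {"name": "app-secret"}}]}]}},
  {"metadata": {"namespace": "default", "name": "worker"},
   "spec": {
     "containers": [
       {"name": "app",
        "envFrom": [{"configMapRef": {"name": "app-config"}}],
        "volumeMounts": [{"name": "secrets", "mountPath": "/etc/secrets", "readOnly": true}]}],
     "volumes": [{"name": "secrets", "secret": {"secretName": "app-secret"}}]}}
]}
""")

def secrets_in_env(pod_list):
    """Return (namespace, pod, container, secret, how) for each Secret exposed as env vars."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ns, pod_name = meta.get("namespace", "default"), meta.get("name", "?")
        # Init and ephemeral containers can reference Secrets too, so check all three lists.
        containers = ((spec.get("initContainers") or []) + (spec.get("containers") or [])
                      + (spec.get("ephemeralContainers") or []))
        for c in containers:
            for src in c.get("envFrom") or []:      # whole Secret imported as env vars
                if "secretRef" in src:
                    findings.append((ns, pod_name, c["name"], src["secretRef"].get("name"), "envFrom"))
            for var in c.get("env") or []:          # single key imported as one env var
                ref = (var.get("valueFrom") or {}).get("secretKeyRef")
                if ref:
                    findings.append((ns, pod_name, c["name"], ref.get("name"), "env:" + var["name"]))
    return findings

if __name__ == "__main__":
    for finding in secrets_in_env(SAMPLE):
        print("%s/%s container=%s secret=%s via %s" % finding)
```

The `worker` pod mounts the same Secret as a volume and is not reported; ConfigMap references are ignored.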
Next Steps
- Learn ConfigMaps: ConfigMaps
- Understand Secrets: Secrets
- Practice: Lab 04: Configuration