ConfigMaps and Secrets

ConfigMaps and Secrets are two Kubernetes objects used to store configuration data and secrets, respectively.

ConfigMaps are used to store configuration data in the form of key-value pairs. The data stored in a ConfigMap can be used to configure applications, build and compile applications, or as environment variables.

apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
data:
  KEY1: VALUE1
  KEY2: VALUE2

To create a ConfigMap with kubectl, run:

kubectl create configmap myconfigmap --from-literal=KEY1=VALUE1 --from-literal=KEY2=VALUE2

To edit the ConfigMap: kubectl edit configmap myconfigmap

The ConfigMap can be consumed by a Pod, whether the Pod is managed by a Deployment or a StatefulSet, for example as environment variables:

spec:
  containers:
  - name: mycontainer
    image: busybox
    env:
    - name: KEY1
      valueFrom:
        configMapKeyRef:
          name: myconfigmap
          key: KEY1

Alternatively, it can be mounted as a file:

spec:
  containers:
  - name: mycontainer
    image: busybox
    volumeMounts:
    - name: configmap-volume
      mountPath: /etc/config/
  volumes:
  - name: configmap-volume
    configMap:
      name: myconfigmap

Secrets are used to store sensitive information such as passwords, tokens, and certificates. The data stored in a Secret is encrypted and can only be accessed by Pods that have the appropriate permissions.

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
# stringData accepts plain-text values; values placed under data must be base64-encoded
stringData:
  KEY1: VALUE1
  KEY2: VALUE2

Like ConfigMaps, Secrets can be mounted inside a Pod:

spec:
  containers:
  - name: mycontainer
    image: busybox
    env:
    - name: KEY1
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: KEY1

Or as a file:

spec:
  containers:
  - name: mycontainer
    image: busybox
    volumeMounts:
    - name: secret-volume
      mountPath: /etc/secret/
  volumes:
  - name: secret-volume
    secret:
      secretName: mysecret
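
An added example, not part of the original page: in the API object, a Secret's `data` values are base64-encoded, which anyone with read access to the Secret can reverse, and a ConfigMap stores its values as plain text. The Python code below audits JSON shaped like `kubectl get configmap,secret -o json` output; the sample objects, the key-name pattern and the function names are assumptions constructed for illustration.

```python
import base64
import binascii
import json
import re

# Constructed sample, shaped like `kubectl get configmap,secret -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"name": "myconfigmap"},
     "data": {"LOG_LEVEL": "debug", "DB_PASSWORD": "hunter2"}},
    {"kind": "Secret", "metadata": {"name": "mysecret"}, "type": "Opaque",
     "data": {"KEY1": base64.b64encode(b"s3cr3t").decode(), "KEY2": "VALUE1"}},
]})

# Assumed heuristic for key names that suggest a credential.
SENSITIVE = re.compile(r"pass(word|wd)?|token|secret|api[_-]?key|private[_-]?key", re.I)


def decode_secret(obj):
    """Return ({key: decoded bytes}, [keys whose value is not valid base64])."""
    decoded, invalid = {}, []
    for key, value in (obj.get("data") or {}).items():
        try:
            decoded[key] = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            invalid.append(key)
    return decoded, invalid


def audit(manifest_json):
    """Flag credentials kept in ConfigMaps and malformed Secret values."""
    doc = json.loads(manifest_json)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        name = obj["metadata"]["name"]
        if obj["kind"] == "ConfigMap":
            for key in obj.get("data") or {}:
                if SENSITIVE.search(key):
                    findings.append((name, key, "sensitive-looking key in ConfigMap"))
        elif obj["kind"] == "Secret":
            for key in decode_secret(obj)[1]:
                findings.append((name, key, "data value is not valid base64"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```
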

In conclusion, ConfigMaps and Secrets provide a way to store configuration data and secrets in a secure and organized manner in Kubernetes. They can be mounted as environment variables or as files to be used by containers in a Pod.