ConfigMaps and Secrets
ConfigMaps and Secrets are two Kubernetes objects used to store configuration data and secrets, respectively.
ConfigMaps are used to store configuration data in the form of key-value pairs. The data stored in a ConfigMap can be used to configure applications, to build and compile applications, or to set environment variables.
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
data:
  KEY1: VALUE1
  KEY2: VALUE2
To create a ConfigMap with kubectl, run:
kubectl create configmap my-configmap --from-literal=key1=value1 --from-literal=key2=value2
To edit the ConfigMap:
kubectl edit configmap my-configmap
A ConfigMap can be exposed to the containers of a Pod, whether the Pod is managed by a Deployment or a StatefulSet. As an environment variable:
spec:
  containers:
  - name: mycontainer
    image: busybox
    env:
    - name: KEY1
      valueFrom:
        configMapKeyRef:
          name: myconfigmap
          key: KEY1
Alternatively, they can be mounted as a file:
spec:
  containers:
  - name: mycontainer
    image: busybox
    volumeMounts:
    - name: configmap-volume
      mountPath: /etc/config/
  volumes:
  - name: configmap-volume
    configMap:
      name: myconfigmap
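Secrets are used to store sensitive information such as passwords, tokens, and certificates. Values under data in a Secret are base64-encoded, which is an encoding and not encryption. By default, Kubernetes stores Secrets unencrypted in etcd unless encryption at rest is configured for the API server. Access is controlled by RBAC: anyone allowed to read the Secret, or to create a Pod in the same namespace that uses it, can obtain the values.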
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  # Values under data must be base64-encoded.
  KEY1: VkFMVUUx   # base64 of "VALUE1"
  KEY2: VkFMVUUy   # base64 of "VALUE2"
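Values under data in a Secret manifest are only base64-encoded, so anyone who can read the object can recover them without a key. The following added example (not part of the original page) decodes a constructed Secret in JSON form and rejects values that are not valid base64; the function names decode_secret and build_secret are hypothetical helpers introduced here.

```python
import base64
import binascii
import json

# Constructed sample, shaped like `kubectl get secret mysecret -o json` output.
SAMPLE_SECRET = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "mysecret"},
    "type": "Opaque",
    "data": {"KEY1": "VkFMVUUx", "KEY2": "VkFMVUUy"},
})


def decode_secret(manifest_json):
    """Return {key: plaintext bytes} for a Secret manifest given as JSON.

    Raises ValueError if a value under `data` is not valid base64, the
    mistake made when plain text is placed under `data`.
    """
    obj = json.loads(manifest_json)
    if obj.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    plain = {}
    for key, value in (obj.get("data") or {}).items():
        try:
            plain[key] = base64.b64decode(value, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"data[{key!r}] is not base64: {exc}") from exc
    return plain


def build_secret(name, values):
    """Build a Secret manifest dict, base64-encoding each str value for `data`."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in values.items()}
    return {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": name},
            "type": "Opaque", "data": data}


if __name__ == "__main__":
    # No key is needed: read access to the object is read access to the values.
    for key, value in decode_secret(SAMPLE_SECRET).items():
        print(key, value)
```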
Like ConfigMaps, Secrets can be exposed to the containers of a Pod. As an environment variable:
spec:
  containers:
  - name: mycontainer
    image: busybox
    env:
    - name: KEY1
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: KEY1
Or as a file:
spec:
  containers:
  - name: mycontainer
    image: busybox
    volumeMounts:
    - name: secret-volume
      mountPath: /etc/secret/
  volumes:
  - name: secret-volume
    secret:
      secretName: mysecret
In conclusion, ConfigMaps and Secrets provide a way to store configuration data and secrets in a secure and organized manner in Kubernetes. They can be mounted as environment variables or as files to be used by containers in a Pod.