Skip to main content

ConfigMaps & Secrets

Cmds
k create configmap app-config --from-literal=APP_COLOR=blue (also --from-file=..)
k create secret generic app-secret --from-literal="key=value" --from-literal...
tip

ConfigMaps can be made immutable with "immutable: true"

ConfigMap Manifest
apiVersion: v1
kind: ConfigMap
metadata:
	name: app-config
data:
	APP_COLOR: blue
	APP_MODE: prod
Secret Manifest
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
data:
  DB_Host: c3FsMDE=
  DB_Password: cGFzc3dvcmQxMjM=
  DB_User: cm9vdA==

Make all CofigMap & Secrets available to container

spec:
  containers:
  - name: my-app-container  # You must name the container
    image: my-image:latest
    envFrom:
    - configMapRef:
        name: app-config
    - secretRef:
        name: test-secret

Select specific keys from ConfigMaps

spec:
  containers:
  - name: my-app
    image: my-image
    env:
    # Variable 1: From ConfigMap
    - name: APP_COLOR
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: APP_COLOR

    # Variable 2: From Secret (Must be a separate list item)
    - name: BACKEND_USER
      valueFrom:
        secretKeyRef:
          name: backend-user
          key: backend-username

Secrets in pods as files in mounted volumes

spec:
  containers:
  - name: my-app
    image: my-image
    volumeMounts:          # <--- You need this to actually USE the volume
    - name: app-secret-volume
      mountPath: /etc/secrets

  volumes:                 # <--- Sibling to 'containers'
  - name: app-secret-volume
    secret:
      secretName: app-secret