
Kubernetes 101 – ConfigMap & Secrets

ConfigMap

A ConfigMap is used to store non-confidential data in key-value pairs.

ConfigMaps decouple environment-specific configuration from container images, so that applications are easily portable.

Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

Definition:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: database-config
    data:
      user: dev-user
      password: password

Usage:

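    apiVersion: v1
    kind: Pod
    metadata:
      name: mypod
    spec:
      containers:
        - name: mypod
          image: redis
          volumeMounts:
            # must match the name of a volume declared under spec.volumes
            - name: db-config
              mountPath: "/etc/db-config"
              readOnly: true
      volumes:
        # each key of the ConfigMap becomes a file under the mount path
        - name: db-config
          configMap:
            name: database-config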

Secret

A Secret contains sensitive data such as a password, a token, or a key.

Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.

Definition:

    apiVersion: v1
    kind: Secret
    metadata:
      name: database-config
    # stringData takes clear-text values; the API server stores them
    # base64-encoded under data
    stringData:
      username: admin
      password: t0p-Secret

Usage:

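    apiVersion: v1
    kind: Pod
    metadata:
      name: mypod
    spec:
      containers:
        - name: mypod
          image: redis
          volumeMounts:
            # must match the name of a volume declared under spec.volumes
            - name: db-config
              mountPath: "/etc/db-config"
              readOnly: true
      volumes:
        # each key of the Secret becomes a file under the mount path
        - name: db-config
          secret:
            secretName: database-config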

You need to bear in mind that:

Anyone with cluster access can retrieve or modify a Secret.
Secrets can be easily decrypted.

Usually, in a production environment, you would use a third-party solution for confidential data management, such as HashiCorp Vault.
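
As an added illustration (not part of the original article), the Python below takes the two objects defined on this page in the form the API server returns them, flags the credential-like key kept in the ConfigMap, and shows that a Secret's data values are only base64-encoded, so read access to the object is enough to recover them. The function names, the key-name pattern and the sample objects are assumptions constructed for this example.

```python
import base64
import re

# Key names that suggest a credential. The pattern is an assumption of this
# example, not a Kubernetes rule; tune it for your own naming conventions.
CREDENTIAL_KEY = re.compile(r"pass(word|wd)?|secret|token|api[-_]?key|private[-_]?key", re.I)

# Constructed sample: the two objects from this page in the shape the API
# server returns them. stringData is write-only, so the Secret comes back
# with its values base64-encoded under data.
SAMPLE = [
    {"kind": "ConfigMap", "metadata": {"name": "database-config"},
     "data": {"user": "dev-user", "password": "password"}},
    {"kind": "Secret", "metadata": {"name": "database-config"},
     "data": {"username": "YWRtaW4=", "password": "dDBwLVNlY3JldA=="}},
]


def secret_plaintext(secret):
    """Recover a Secret's values. base64 is an encoding, so no key is needed."""
    values = {k: base64.b64decode(v).decode("utf-8", errors="replace")
              for k, v in (secret.get("data") or {}).items()}
    values.update(secret.get("stringData") or {})  # already clear text
    return values


def audit(objects):
    """Return (object, key) for every credential-like key kept in a ConfigMap."""
    findings = []
    for obj in objects:
        if obj.get("kind") != "ConfigMap":
            continue
        ref = "ConfigMap/" + obj.get("metadata", {}).get("name", "?")
        # binaryData is the ConfigMap field for base64-encoded binary values.
        for field in ("data", "binaryData"):
            for key in obj.get(field) or {}:
                if CREDENTIAL_KEY.search(key):
                    findings.append((ref, key))
    return findings


if __name__ == "__main__":
    for ref, key in audit(SAMPLE):
        print(f"{ref}: key '{key}' looks like a credential; store it in a Secret")
    for key, value in secret_plaintext(SAMPLE[1]).items():
        print(f"Secret/database-config {key} = {value!r} (plain base64 decode)")
```

To audit a live namespace, pass the items list from the output of kubectl get configmaps,secrets -o json to audit().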
Follow the Kubernetes 101 series on mindit.io.
Check out new-spike.net for other articles on Kubernetes and much more!
