ConfigMap
A ConfigMap is used to store non-confidential data in key-value pairs.
ConfigMaps decouple environment-specific configuration from container images, so that applications are easily portable.
Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.
Definition:
apiVersion: v1
kind: ConfigMap
metadata:
  name: database-config
data:
  user: dev-user
  # placeholder value only; real credentials belong in a Secret
  password: password
Usage:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: redis
      volumeMounts:
        # must match the name of an entry under volumes
        - name: db-config
          mountPath: "/etc/db-config"
          readOnly: true
  volumes:
    - name: db-config
      configMap:
        name: database-config
Secret
A Secret contains sensitive data such as a password, a token, or a key.
Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.
Definition:
apiVersion: v1
kind: Secret
metadata:
  name: database-config
stringData:
  username: admin
  password: t0p-Secret
Usage:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: redis
      volumeMounts:
        # must match the name of an entry under volumes
        - name: db-config
          mountPath: "/etc/db-config"
          readOnly: true
  volumes:
    - name: db-config
      secret:
        secretName: database-config
You need to bear in mind that:
Anyone with cluster access can retrieve or modify a Secret.
Secrets can be easily decoded: by default their values are stored base64-encoded, not encrypted.
Usually, in a production environment, you would use a third-party solution for confidential data management, like HashiCorp Vault.
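To make the two points above concrete, here is an added example (not part of the original article) that shows what a Secret's stringData looks like once stored, reverses it without any key, and flags ConfigMap keys that look like credentials. The sample objects are constructed to mirror the manifests on this page, and the key-name pattern and function names are assumptions of this example.

```python
import base64
import re

# Heuristic for key names that suggest confidential data (assumption of this example).
SENSITIVE = re.compile(r"pass(word|wd)?|token|secret|api[-_]?key|private[-_]?key", re.I)


def stored_form(secret):
    """Merge stringData into data as base64, which is how the API server stores it."""
    data = dict(secret.get("data") or {})
    for key, value in (secret.get("stringData") or {}).items():
        data[key] = base64.b64encode(value.encode()).decode()
    return data


def decode_secret(data):
    """Reverse the encoding. No key is involved: base64 is not encryption."""
    return {k: base64.b64decode(v).decode() for k, v in data.items()}


def audit_configmaps(objects):
    """Flag ConfigMap keys whose names look like credentials."""
    findings = []
    for obj in objects:
        if obj.get("kind") != "ConfigMap":
            continue
        name = obj["metadata"]["name"]
        for key in sorted(obj.get("data") or {}):
            if SENSITIVE.search(key):
                findings.append(f"ConfigMap/{name}: '{key}' looks confidential, use a Secret")
    return findings


# Constructed sample objects mirroring the manifests on this page.
CONFIGMAP = {"kind": "ConfigMap", "metadata": {"name": "database-config"},
             "data": {"user": "dev-user", "password": "password"}}
SECRET = {"kind": "Secret", "metadata": {"name": "database-config"},
          "stringData": {"username": "admin", "password": "t0p-Secret"}}

if __name__ == "__main__":
    for finding in audit_configmaps([CONFIGMAP, SECRET]):
        print(finding)
    encoded = stored_form(SECRET)
    print("stored:", encoded)
    print("decoded:", decode_secret(encoded))
```

The same audit can be run against live objects by feeding it the items from kubectl get configmap -o json.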
Follow the Kubernetes 101 series on mindit.io.