Introduction
ConfigMaps store non-sensitive configuration, while Secrets handle sensitive data like passwords and API keys. Both decouple configuration from container images.
ConfigMap
# Create from literal
kubectl create configmap app-config --from-literal=APP_ENV=production
# Create from file
kubectl create configmap nginx-config --from-file=nginx.conf
# ConfigMap YAML
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
APP_ENV: production
LOG_LEVEL: info
config.json: |
{"key": "value"}
Secrets
# Create secret
kubectl create secret generic db-secret
--from-literal=DB_USER=admin
--from-literal=DB_PASS=secretpass
# Secret YAML (values must be base64 encoded)
apiVersion: v1
kind: Secret
metadata:
name: db-secret
type: Opaque
data:
DB_USER: YWRtaW4=
DB_PASS: c2VjcmV0cGFzcw==
Using in Pods
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: myapp:1.0
envFrom:
- configMapRef:
name: app-config
- secretRef:
name: db-secret
Summary
Use ConfigMaps for general config and Secrets for sensitive data. Inject them as environment variables or mount as volumes. Never hardcode credentials in images.
YouTip