YouTip LogoYouTip

Kubernetes ConfigMaps and Secrets

Introduction

ConfigMaps store non-sensitive configuration, while Secrets handle sensitive data like passwords and API keys. Both decouple configuration from container images.

ConfigMap

# Create from literal
kubectl create configmap app-config --from-literal=APP_ENV=production

# Create from file
kubectl create configmap nginx-config --from-file=nginx.conf

# ConfigMap YAML
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: production
  LOG_LEVEL: info
  config.json: |
    {"key": "value"}

Secrets

# Create secret
kubectl create secret generic db-secret 
  --from-literal=DB_USER=admin 
  --from-literal=DB_PASS=secretpass

# Secret YAML (values must be base64 encoded)
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  DB_USER: YWRtaW4=
  DB_PASS: c2VjcmV0cGFzcw==

Using in Pods

apiVersion: v1
kind: Pod
metadata:
  name: myapp
spec:
  containers:
  - name: myapp
    image: myapp:1.0
    envFrom:
    - configMapRef:
        name: app-config
    - secretRef:
        name: db-secret

Summary

Use ConfigMaps for general config and Secrets for sensitive data. Inject them as environment variables or mount as volumes. Never hardcode credentials in images.

← Kubernetes Scaling and UpdatesKubernetes Services and Ingres β†’