ConfigMap object allows to manage application's configuration using Kubernetes primitives. YAML below:

kubectl create configmap my-config-map --namespace=web -oyaml --dry-run > config-map.yml

<syntaxhighlightjs lang=yaml> apiVersion: v1 kind: ConfigMap metadata:

 creationTimestamp: null
 name: my-config-map
 namespace: web

data: # added when editing

 myKey: myValue1
 anotherKey: myValue2

</syntaxhighlightjs>

 name: kube-configmap

 containers:
 - name: nginx
   image: nginx
   command: ['sh', '-c', "echo $(VAR) && sleep 600"]
   env:
   - name: VAR
     valueFrom:
       configMapKeyRef:
         name: kubeapp-config
         key: value1

 name: configmap-volume-kube

 containers:
 - name: nginx
   image: nginx
   command: ['sh', '-c', "echo $(cat /etc/config/myKey && sleep 3600"]
   volumeMounts:
     - name: configmapvolume
       mountPath: /etc/config # this will be a directory
 volumes:
   - name: configmapvolume
     configMap:               # key will be a file name
       name: kube-configmap   # with value in content

 name: kube-secret-volume-pod

 containers:
 - name: nginx
   image: nginx
   command: ['sh', '-c', "echo $(MY_VAR) && sleep 3600"]
   volumeMounts:
     - name: secretvolume
       mountPath: /etc/certs
 volumes:
   - name: secretvolume
     secret:
       secretName: kube-secret

Deploy configMap

kubectl apply -f configmap-pod.yaml
kubectl logs configmap-pod         #Get the logs from the pod displaying the value

Another way to provide values from a ConfigMap is to mount as a container's volume. The keys you can see within the container

kubectl exec configmaps-volume-kube -- ls  /etc/config
kubectl exec configmaps-volume-kube -- cat /etc/config/key1

Secrets

Secrets types:

SecretType = "Opaque"                                 // Opaque (arbitrary data; default)
SecretType = "kubernetes.io/service-account-token"    // Kubernetes auth token
SecretType = "kubernetes.io/dockercfg"                // Docker registry auth
SecretType = "kubernetes.io/dockerconfigjson"         // Latest Docker registry auth

Create secrets

kubectl create secret generic user-creds --from-literal=pass=pass123 --from-literal=user=john --save-config  -oyaml --dry-run=true --type=Opaque > secrets.yaml

<syntaxhighlightjs lang=yaml> apiVersion: v1 kind: Secret metadata:

 creationTimestamp: null
 name: user-creds

data: # keys contain b64 encoded values

 pass: cGFzczEyMw==
 user: am9obg==

type: Opaque </syntaxhighlightjs>

Another secret. stringData: specifying non-binary secret data in string form. It is provided as a write-only convenience method. All keys and values are merged into the data field on write. <syntaxhighlightjs lang=yaml> apiVersion: v1 kind: Secret metadata:

 name: kube-secret

stringData: # literal string, keys' values will be b64 encoded on write

 cert: 1234abc
 key: ca.crt

</syntaxhighlightjs>

Describe secrets

kubectl describe secrets kube-secret
Name:         kube-secret
Namespace:    default
Labels:       <none>
Annotations:  
Type:         Opaque

Data
====
cert:  5 bytes
key:   5 bytes

Reference secrets in pod spec

kubectl create secret generic user-creds --from-literal=user=john --from-literal=password=pass123 --save-config -oyaml --type=Opaque  --dry-run=true

 name: busybox-with-secret-env

 containers:
 - name: busybox
   image: busybox
   command: ['sh', '-c', "echo secret env(VAR) variable: $VAR && sleep 3600"]
   env:
   - name: VAR
     valueFrom:
       configMapKeyRef:
         name: user-creds
         key: password

 name: busybox-with-secret-mounted

 containers:
 - name: busybox
   image: busybox
   command: ['sh', '-c', "echo $(cat /etc/config/myKey && sleep 3600"]
   volumeMounts:
     - name: configmapvolume
       mountPath: /etc/config # this will be a directory
 volumes:
   - name: secretvolume
     configMap:           # key will be a file name
       name: user-creds   # with value in the content

References

• configure-pod-configmap
• Secretes