In DevOps, we follow the principle of decoupling configuration from code. Kubernetes provides two objects for this: ConfigMaps (for non-sensitive data) and Secrets (for sensitive data like passwords).
1. ConfigMaps
Use ConfigMaps for environment variables, config files, or command-line arguments.
Create a ConfigMap
Action:
    kubectl create configmap app-config --from-literal=LOG_LEVEL=debug --from-literal=APP_COLOR=blue
Result:
    configmap/app-config created
Use in a Pod
Action (Manifest snippet):
    spec:
      containers:
      - name: app
        envFrom:
        - configMapRef:
            name: app-config
2. Secrets
Secrets are similar to ConfigMaps but are intended for sensitive data. Their values are stored base64-encoded. Note: base64 is an encoding, not encryption, so Secrets are not encrypted by default.
Create a Secret
Action:
    kubectl create secret generic db-credentials --from-literal=password=SuperSecret123
Result:
    secret/db-credentials created
Verify (and decode)
Action:
    kubectl get secret db-credentials -o jsonpath='{.data.password}' | base64 --decode
Result:
    SuperSecret123
3. Mounting as Files
You can also mount ConfigMaps and Secrets as files inside a container. This is perfect for complex config files (like nginx.conf).
Action (Manifest snippet):
    spec:
      volumes:
      - name: config-volume
        configMap:
          name: my-app-files
      containers:
      - name: web
        volumeMounts:
        - name: config-volume
          mountPath: /etc/config
Summary
- ConfigMap: Public configuration (API URLs, Log levels).
- Secret: Private configuration (Passwords, API Keys).
- Both can be injected as Environment Variables or Files (Volumes).
- envFrom: Quickest way to inject all values from a ConfigMap/Secret.
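The ConfigMap/Secret split above only helps if sensitive values actually land in Secrets, and the base64 note means a Secret's values are readable by anyone who can fetch the object. The following is an added example, not part of the original page: a Python audit over output shaped like `kubectl get configmap,secret -o json`. The sample JSON is constructed, and the `API_TOKEN` entry and the key-name pattern are assumptions.

```python
import base64
import json
import re

# Constructed sample of `kubectl get configmap,secret -o json` output (a v1 List).
# It reuses the object names created above; API_TOKEN is a constructed mistake.
SAMPLE = json.dumps({
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"kind": "ConfigMap", "metadata": {"name": "app-config"},
         "data": {"LOG_LEVEL": "debug", "APP_COLOR": "blue",
                  "API_TOKEN": "constructed-token-value"}},
        {"kind": "Secret", "metadata": {"name": "db-credentials"}, "type": "Opaque",
         "data": {"password": base64.b64encode(b"SuperSecret123").decode()}},
    ],
})

# Assumption: key names matching this pattern hold sensitive values.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)


def audit(list_json):
    """Return (misplaced, readable).

    misplaced: "configmap/key" entries whose key name looks sensitive.
    readable:  {"secret/key": plaintext} recovered by base64-decoding alone.
    """
    misplaced, readable = [], {}
    for item in json.loads(list_json).get("items", []):
        name = item["metadata"]["name"]
        data = item.get("data") or {}
        if item["kind"] == "ConfigMap":
            misplaced += [f"{name}/{k}" for k in sorted(data) if SENSITIVE_KEY.search(k)]
        elif item["kind"] == "Secret":
            for key, value in data.items():
                raw = base64.b64decode(value)
                # Binary values (keys, keystores) are reported by size only.
                try:
                    readable[f"{name}/{key}"] = raw.decode("utf-8")
                except UnicodeDecodeError:
                    readable[f"{name}/{key}"] = f"<{len(raw)} bytes binary>"
    return misplaced, readable


if __name__ == "__main__":
    misplaced, readable = audit(SAMPLE)
    for entry in misplaced:
        print(f"WARN  sensitive-looking key in ConfigMap: {entry}")
    for entry in readable:
        print(f"NOTE  {entry} is recoverable by anyone with 'get' on the Secret")
```

Against a real cluster, pipe the kubectl JSON output into `audit()` instead of `SAMPLE`; the script prints only key names, never the decoded values.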