Kubernetes ConfigMap and Secrets

ConfigMaps
URL: https://kubernetes.io/docs/concepts/configuration/configmap/
A ConfigMap is an API object used to store non-confidential data in key-value pairs.
Pods can consume ConfigMaps as environment variables, command-line arguments or as configuration files in a volume.
A ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.
Caution:
ConfigMap does not provide secrecy or encryption.
If the data you want to store are confidential, use a Secret rather than a ConfigMap or use additional (third party) tools to keep your data private.
Here is a comprehensive list of commonly used Kubernetes commands related to ConfigMaps using kubectl:
Create ConfigMap
kubectl create configmap <configmap-name> --from-literal=key1=value1
kubectl create configmap <configmap-name> --from-file=path/to/config.file
kubectl create configmap <configmap-name> --from-env-file=env.file
View ConfigMap
kubectl get configmap
kubectl get configmap <configmap-name> -o yaml
Edit ConfigMap
kubectl edit configmap <configmap-name>
Describe ConfigMap
kubectl describe configmap <configmap-name>
Delete ConfigMap
kubectl delete configmap <configmap-name>
Secrets
A Secret is an object that contains a small amount of sensitive data such as a password, a token or a key.
Such information might otherwise be put in a Pod specification or in a container image.
Using a Secret means that you don't need to include confidential data in your application code.
Because Secrets can be created independently of the Pods that use them, there is less risk of the Secret (and its data) being exposed during the workflow of creating, viewing and editing Pods.
Kubernetes, and applications that run in your cluster, can also take additional precautions with Secrets, such as avoiding writing sensitive data to nonvolatile storage.
Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.
Uses for Secrets
You can use Secrets for purposes such as the following:
Allow the kubelet to pull container images from private registries.
Here is a comprehensive list of commonly used Kubernetes commands related to Secrets using kubectl:
Create Secret
From literal key-value pair:
kubectl create secret generic <secret-name> --from-literal=username=admin --from-literal=password=secret
From file:
kubectl create secret generic <secret-name> --from-file=path/to/secret.file
From env file:
kubectl create secret generic <secret-name> --from-env-file=secret.env
View Secret (encoded)
kubectl get secret
kubectl get secret <secret-name> -o yaml
To decode a secret value:
echo <base64-encoded-string> | base64 --decode
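The base64 shown by kubectl get secret <secret-name> -o yaml is an encoding, not encryption, so anyone permitted to read the Secret object can recover every value. The script below is an added example, not code from the original article: it extends the single-value decode above to every key under data: in a manifest. The helper names decode_secret_data and sample_secret, the Secret name demo-secret and the sample manifest are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: decode every entry under `data:` in a Secret manifest.
# Input is YAML in the shape printed by: kubectl get secret <secret-name> -o yaml

# decode_secret_data (hypothetical helper): reads a Secret manifest on stdin
# and prints one "key=value" line per entry of its data map, base64-decoded.
decode_secret_data() {
  awk '
    /^data:[ \t]*$/ { in_data = 1; next }   # start of the data map
    /^[^ \t]/       { in_data = 0 }         # any other top-level key ends it
    in_data && /^[ \t]+[^ \t#]+:/ {
      key = $1; sub(/:$/, "", key)          # strip the trailing colon
      val = $2; gsub(/"/, "", val)          # an empty value is written as ""
      print key, val
    }
  ' | while read -r key b64; do
    # Trailing newlines in a decoded value are dropped by $(...).
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 --decode)"
  done
}

# Constructed sample: what the create command on this page would store
# (username=admin, password=secret). The name demo-secret is a placeholder.
sample_secret() {
  cat <<'EOF'
apiVersion: v1
data:
  password: c2VjcmV0
  username: YWRtaW4=
kind: Secret
metadata:
  name: demo-secret
type: Opaque
EOF
}

sample_secret | decode_secret_data
```

Against a live cluster the same function can be fed from kubectl get secret <secret-name> -o yaml, which makes it a quick way to confirm which accounts can effectively read Secret contents.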
Edit Secret
kubectl edit secret <secret-name>
Describe Secret
kubectl describe secret <secret-name>
Delete Secret
kubectl delete secret <secret-name>
Written by Sanket Nankar
