
Kubernetes ConfigMap and Secret management

Tags: configmap, secret, environment variables, volume mount, configuration

Problem

Need to manage application configuration and secrets in Kubernetes without hardcoding values in container images.

Solution

ConfigMaps for config, Secrets for sensitive data:

# ConfigMap: non-sensitive configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"
  API_PORT: "3000"
  config.yaml: |
    database:
      pool_size: 10
      timeout: 30s

---
# Secret: sensitive data (base64 encoded)
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
data:
  DATABASE_URL: cG9zdGdyZXM6Ly91c2VyOnBhc3NAZGIvYXBw  # base64
  API_KEY: c2VjcmV0LWtleS0xMjM=

---
# Using in a Pod
apiVersion: v1
kind: Pod
metadata:
  name: app  # example name; a Pod manifest requires metadata.name
spec:
  containers:
  - name: app
    image: myapp:1.0
    
    # Individual env vars
    env:
    - name: LOG_LEVEL
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: LOG_LEVEL
    - name: DATABASE_URL
      valueFrom:
        secretKeyRef:
          name: app-secrets
          key: DATABASE_URL
    
    # All keys as env vars
    envFrom:
    - configMapRef:
        name: app-config
    - secretRef:
        name: app-secrets
    
    # Mount as files
    volumeMounts:
    - name: config
      mountPath: /etc/app
      readOnly: true
  
  volumes:
  - name: config
    configMap:
      name: app-config


Best practices:
  • Secrets are base64-encoded, NOT encrypted (use Sealed Secrets or external vault)
  • ConfigMap changes trigger a pod restart only with proper setup; they do not restart pods on their own
  • Use kubectl create secret generic to avoid manual base64 encoding

Why

ConfigMaps and Secrets decouple configuration from container images, enabling the same image to run in different environments with different settings.

Gotchas

  • Secrets are only base64-encoded, not encrypted at rest by default
  • ConfigMap/Secret updates don't auto-restart pods - use a rolling update strategy
  • Max size: 1MB per ConfigMap/Secret
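
To make the first gotcha concrete, the following added example (not part of the original entry) audits manifest text for Secret objects and shows that every data value is recovered with a plain base64 decode, which is why such manifests should not sit unencrypted in a repository. The function name and the minimal line-based parser are assumptions made for this illustration; the sample input is constructed from the Secret shown above.

```python
import base64
import binascii
import re

# Constructed sample input: a ConfigMap plus the Secret from this entry.
SAMPLE = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
data:
  DATABASE_URL: cG9zdGdyZXM6Ly91c2VyOnBhc3NAZGIvYXBw  # base64
  API_KEY: c2VjcmV0LWtleS0xMjM=
"""

def audit_secret_manifests(text):
    """Return (secret_name, key, decoded_value) for each Secret data entry."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", text):       # one YAML document at a time
        if not re.search(r"(?m)^kind:[ \t]*Secret[ \t]*$", doc):
            continue                                      # ConfigMaps, Pods, etc. are skipped
        m = re.search(r"(?m)^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc)
        name = m.group(1) if m else "<unnamed>"
        in_data = False
        for line in doc.splitlines():
            if line.rstrip() == "data:":
                in_data = True
                continue
            if line and not line[0].isspace():
                in_data = False                           # next top-level key ends the block
            kv = re.match(r"^\s+([\w.-]+):\s*([A-Za-z0-9+/=]+)\s*(?:#.*)?$", line) if in_data else None
            if not kv:
                continue
            try:
                value = base64.b64decode(kv.group(2), validate=True).decode("utf-8", "replace")
            except binascii.Error:
                continue                                  # not valid base64; nothing to report
            findings.append((name, kv.group(1), value))
    return findings

if __name__ == "__main__":
    for secret, key, value in audit_secret_manifests(SAMPLE):
        print(f"{secret}/{key}: recoverable without any key ({len(value)} chars)")
```

Any hit from a check like this in version control means the value should be treated as exposed and the manifest replaced with a Sealed Secret or an external vault reference, as the best practices above recommend.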

Context

Kubernetes application configuration management
