ConfigMaps and Secrets

Kubernetes ConfigMaps & Secrets Explained

In this tutorial, we explore how ConfigMaps and Secrets are used in Kubernetes to separate configuration from application code. This is a core concept for building secure, flexible, and production-ready workloads.

Overview 📘

  • Creating and using ConfigMaps for configuration data
  • Creating and using Secrets for sensitive information
  • Mounting ConfigMaps as files
  • Injecting Secrets as environment variables

1. ConfigMap Example 🧩

This ConfigMap stores HTML content that will be served directly by an nginx container. Instead of baking content into the image, we externalise it using Kubernetes.

apiVersion: v1
kind: ConfigMap

metadata:
  name: nginx-config        # Name used to reference this ConfigMap

data:
  index.html: |             # Key becomes a filename when mounted
    <!DOCTYPE html>
    <html>
    <body>
      <h1>Hello from ConfigMap!</h1>
      <p>This content is loaded from a ConfigMap</p>
    </body>
    </html>

What’s happening here:
The data section contains key-value pairs. When mounted as a volume, each key becomes a file. In this case, index.html will be created inside the container and served by nginx.

2. Secret Example 🔑

Secrets are used to store sensitive data such as passwords, tokens, and API keys. Here, we store a simple message and expose it as an environment variable.

apiVersion: v1
kind: Secret

metadata:
  name: nginx-secret

type: Opaque                # Generic key/value Secret

stringData:                # Allows plain text (auto base64-encoded)
  message: "This message comes from a Secret!"

Why stringData?
Kubernetes automatically base64-encodes values stored in stringData. This avoids manual encoding and is easier to read during development. Base64 is an encoding, not encryption: anyone who can read the Secret object can decode the value.

3. Deployment Using ConfigMap & Secret ⚙️

This Deployment demonstrates two patterns: mounting a ConfigMap as files and injecting a Secret as an environment variable.

apiVersion: apps/v1
kind: Deployment

metadata:
  name: nginx-configured

spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-configured

  template:
    metadata:
      labels:
        app: nginx-configured

    spec:
      containers:
      - name: nginx
        image: nginx:1.14

        ports:
        - containerPort: 80

        volumeMounts:
        - name: config-volume              # Volume reference
          mountPath: /usr/share/nginx/html # Where files appear in container

        env:
        - name: SECRET_MESSAGE              # Environment variable name
          valueFrom:
            secretKeyRef:
              name: nginx-secret
              key: message

      volumes:
      - name: config-volume
        configMap:
          name: nginx-config                # ConfigMap source

How this works:
The ConfigMap is mounted as a volume, creating files inside the container. nginx serves content from /usr/share/nginx/html, so the mounted index.html is served automatically. The Secret is injected as an environment variable; Kubernetes decodes the base64 value automatically, so the container sees the plain-text message.
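An added example, not part of the original tutorial: it shows what the Secret from section 2 looks like once stringData has been folded into data, and lists every place the Deployment's pod template surfaces a Secret (environment variable or file). The dicts are constructed from the page's manifests, and the function names stored_form and secret_exposure are hypothetical.

```python
import base64

# Constructed input: the page's Secret manifest and the pod template of its
# Deployment, written as Python dicts.
SECRET = {"kind": "Secret", "metadata": {"name": "nginx-secret"},
          "stringData": {"message": "This message comes from a Secret!"}}
POD_SPEC = {
    "containers": [{
        "name": "nginx",
        "env": [{"name": "SECRET_MESSAGE", "valueFrom": {
            "secretKeyRef": {"name": "nginx-secret", "key": "message"}}}],
        "volumeMounts": [{"name": "config-volume",
                          "mountPath": "/usr/share/nginx/html"}],
    }],
    "volumes": [{"name": "config-volume", "configMap": {"name": "nginx-config"}}],
}

def stored_form(secret):
    """Return the `data` map as stored: stringData merged in, base64 only."""
    data = dict(secret.get("data", {}))
    for key, text in secret.get("stringData", {}).items():
        data[key] = base64.b64encode(text.encode()).decode()  # stringData wins
    return data

def secret_exposure(pod_spec):
    """List (container, secret, key, channel, location) for each Secret used."""
    secret_vols = {v["name"]: v["secret"]["secretName"]
                   for v in pod_spec.get("volumes", []) if "secret" in v}
    found = []
    for c in pod_spec.get("containers", []):
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:  # one key, visible to `env` and child processes
                found.append((c["name"], ref["name"], ref["key"], "env", e["name"]))
        for src in c.get("envFrom", []):
            if "secretRef" in src:  # every key of the Secret becomes a variable
                found.append((c["name"], src["secretRef"]["name"], "*", "env", "*"))
        for m in c.get("volumeMounts", []):
            if m["name"] in secret_vols:  # keys appear as files under mountPath
                found.append((c["name"], secret_vols[m["name"]], "*", "file",
                              m["mountPath"]))
    return found


if __name__ == "__main__":
    for key, b64 in stored_form(SECRET).items():
        print(key, b64, "->", base64.b64decode(b64).decode())
    print(secret_exposure(POD_SPEC))
```

For the page's Deployment the audit reports a single env exposure, which is why the verification command in section 5 can read the value with env.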

4. Service Configuration

To access the nginx pod from outside the cluster, we expose it using a NodePort Service.

apiVersion: v1
kind: Service

metadata:
  name: nginx-configured-service

spec:
  type: NodePort

  selector:
    app: nginx-configured

  ports:
    - port: 80
      targetPort: 80
      nodePort: 30091

This Service routes traffic from NodeIP:30091 to port 80 on the nginx container.

5. Command Reference 🧪

# Create ConfigMap and Secret
kubectl apply -f nginx-configmap.yaml
kubectl apply -f nginx-secret.yaml

# Deploy application
kubectl apply -f 04-config-deployment.yaml

# Create Service
kubectl apply -f 03-config-service.yaml

# Verify mounted ConfigMap file
kubectl exec -it \
$(kubectl get pod -l app=nginx-configured -o jsonpath='{.items[0].metadata.name}') \
-- cat /usr/share/nginx/html/index.html

# Verify Secret environment variable
kubectl exec -it \
$(kubectl get pod -l app=nginx-configured -o jsonpath='{.items[0].metadata.name}') \
-- env | grep SECRET_MESSAGE

6. Cleanup 🧹

kubectl delete deployment nginx-configured
kubectl delete service nginx-configured-service
kubectl delete configmap nginx-config
kubectl delete secret nginx-secret

Wrapping Up 🧠✨

ConfigMaps and Secrets are one of those Kubernetes features that quietly change everything. They let you keep configuration flexible, sensitive data safe, and containers clean and reusable 🧼📦.

You’ve now seen how to:

  • Separate configuration from application code ⚙️
  • Inject config as files and environment variables 📄🌱
  • Handle sensitive data the Kubernetes way
  • Verify everything from inside a running pod

These patterns show up everywhere in real-world clusters — once they click, Kubernetes starts to feel a lot less magical and a lot more predictable 🧩.

👉 Next up: Resource Management & Health Checks 🚦

Take a breather, explore the pod, break things if you want — that’s how it really sticks 😄🔥
