🧠 Concept 7: ConfigMap & Secret (Configuration Management 💯)


🚀 1. Core Idea (1-line)

👉 ConfigMap & Secret are used to externalize configuration from your container


🧠 2. Why This Concept Exists (VERY IMPORTANT ⚠️)

Bad practice ❌:

image: app:v1
env:
- name: DB_PASSWORD
  value: mypassword123

Problems:

  • Hardcoded values 😬

  • Not secure 🔓

  • Not reusable 🔁

👉 Solution:

  • ConfigMap → normal config

  • Secret → sensitive data


📦 3. ConfigMap (Non-sensitive data)

👉 Used for:

  • URLs

  • Config files

  • Feature flags

Example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: production
  LOG_LEVEL: debug

🔐 4. Secret (Sensitive data)

👉 Used for:

  • Passwords

  • API keys

  • Tokens

Example:

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_PASSWORD: bXlwYXNzd29yZA==

👉 Value is base64 encoded (NOT encrypted ⚠️)


⚠️ 5. VERY IMPORTANT Difference

| Feature | ConfigMap | Secret |
|---|---|---|
| Data type | Plain text | Base64 encoded |
| Use case | Non-sensitive | Sensitive |
| Security | Low | Slightly better |

👉 But:
⚠️ Secret is NOT fully secure unless:

  • Encryption at rest enabled

  • RBAC properly configured


⚙️ 6. How to Use in Pod

As Environment Variables:

envFrom:
- configMapRef:
    name: app-config
- secretRef:
    name: app-secret

As Volume (VERY IMPORTANT 🔥)

volumes:
- name: config-vol
  configMap:
    name: app-config

👉 Mounted as files inside container


🔥 7. Real-world Example (DevOps / ML)

You deploy an ML API:

  • DB URL → ConfigMap

  • DB Password → Secret

👉 Clean + secure + flexible


💥 8. Key Benefits

  • No hardcoding

  • Easy updates

  • Reusable configs

  • Better security separation


⚠️ 9. Common Mistakes

❌ Putting secrets in ConfigMap
❌ Thinking base64 = encryption
❌ Hardcoding creds in image
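
Added example (not part of the original notes): a small Python audit that flags these mistakes in a manifest dump and shows that a Secret's base64 value decodes without any key. The sample manifest, the key-name pattern and the function names are assumptions constructed for this example; the hardcoded-credential check looks at literal env values in a Pod spec, as in the bad practice from section 2.

```python
import base64
import json
import re

SENSITIVE = re.compile(r"pass|secret|token|api[_-]?key", re.I)  # assumed heuristic

# Constructed sample, shaped like `kubectl get cm,secret,pod -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ConfigMap", "metadata": {"name": "app-config"},
   "data": {"APP_ENV": "production", "DB_PASSWORD": "mypassword123"}},
  {"kind": "Secret", "metadata": {"name": "app-secret"}, "data": {"DB_PASSWORD": "bXlwYXNzd29yZA=="}},
  {"kind": "Pod", "metadata": {"name": "ml-api"},
   "spec": {"containers": [{"name": "app", "image": "app:v1", "env": [
     {"name": "API_TOKEN", "value": "abc123"},
     {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef":
       {"name": "app-secret", "key": "DB_PASSWORD"}}}]}]}}
]}
""")


def decode_secret(obj):
    """Return a Secret's data as plaintext: base64 needs no key to reverse."""
    return {k: base64.b64decode(v).decode("utf-8", "replace")
            for k, v in (obj.get("data") or {}).items()}


def audit(manifest):
    """Return (kind, name, key, issue) findings for the common mistakes."""
    findings = []
    for obj in manifest.get("items", [manifest]):
        kind, name = obj.get("kind"), obj.get("metadata", {}).get("name")
        if kind == "ConfigMap":
            for key in obj.get("data") or {}:
                if SENSITIVE.search(key):
                    findings.append((kind, name, key, "credential-like key in ConfigMap"))
        elif kind == "Secret":
            for key in decode_secret(obj):
                findings.append((kind, name, key, "base64 only, decodes without a key"))
        elif kind == "Pod":
            for c in obj.get("spec", {}).get("containers", []):
                for env in c.get("env") or []:
                    # A literal `value` is hardcoded; `valueFrom` is a reference.
                    if "value" in env and SENSITIVE.search(env["name"]):
                        findings.append((kind, name, env["name"], "hardcoded credential in env"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To run it against a cluster, pass audit() the parsed JSON from kubectl get cm,secret,pod -o json instead of SAMPLE.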


💼 10. Interview Answer

👉 “ConfigMap stores non-sensitive configuration data, while Secret is used to store sensitive information like passwords and tokens, both of which can be injected into pods.”


⚡ 11. CKA Commands

kubectl create configmap app-config --from-literal=key=value
 
kubectl create secret generic app-secret \
  --from-literal=DB_PASSWORD=mypassword
 
kubectl get cm
kubectl get secret

🧠 12. Memory Trick

👉 ConfigMap = settings ⚙️
👉 Secret = passwords 🔐


🔥 13. Pro Insight (Real-world)

In production:

  • Use Vault / AWS Secrets Manager

  • Don’t rely only on K8s Secret

