#ConfigMap

2 posts

Certified Kubernetes Administrator (CKA) #12 ConfigMap and Secret in Depth
9 min read

Certified Kubernetes Administrator (CKA) #12 ConfigMap and Secret in Depth

The twelfth post in the Certified Kubernetes Administrator (CKA) series. We dig into ConfigMap and Secret from an operator's point of view: the three sources of kubectl create (--from-literal, --from-file, --from-env-file), Secret types (generic/docker-registry/tls) and the fact that base64 is not encryption, the injection methods of env valueFrom, envFrom, volume mount, and subPath, the difference in auto-refresh between env and volume, and how immutable buys you both performance and safety — all laid out with YAML and kubectl.

K8s Basics #6: ConfigMap and Secret — Splitting Out Configuration
15 min read

K8s Basics #6: ConfigMap and Secret — Splitting Out Configuration

Through [#5](/en/posts/k8s-basics-5), one thing in our manifest is still awkward — image tags, ports, and domains are written directly into it. This post pulls those out into two objects: ConfigMap and Secret. The K8s way to apply the 12-factor "store config in the environment" rule, three injection methods (env / envFrom / volume), the one-line caveat that Secret is not actually encryption, and why a Pod restart is needed when config changes.