#Secret
2 posts
Certified Kubernetes Administrator (CKA) #12 ConfigMap and Secret in Depth
The twelfth post in the Certified Kubernetes Administrator (CKA) series. We dig into ConfigMap and Secret from an operator's point of view: the three sources of kubectl create (--from-literal, --from-file, --from-env-file), Secret types (generic/docker-registry/tls) and the fact that base64 is not encryption, the injection methods of env valueFrom, envFrom, volume mount, and subPath, the difference in auto-refresh between env and volume, and how immutable buys you both performance and safety — all laid out with YAML and kubectl.
K8s Basics #6: ConfigMap and Secret — Splitting Out Configuration
Through [#5](/en/posts/k8s-basics-5), one thing in our manifest is still awkward — image tags, ports, and domains are written directly into it. This post pulls those out into two objects: ConfigMap and Secret. It covers the K8s way to apply the 12-factor "store config in the environment" rule, three injection methods (env / envFrom / volume), the one-line caveat that a Secret is not actually encrypted, and why a Pod restart is needed when config changes.