ConfigMaps and Secrets
Learn why configuration should live outside images and how ConfigMaps and Secrets help separate code from runtime settings.
Why Externalize Configuration?
Applications often need environment-specific values such as API URLs, feature flags, passwords, and certificates. Baking those values into container images makes promotion and reuse much harder.
ConfigMap vs Secret Overview
| Resource | Best for | Important note |
|---|---|---|
| ConfigMap | Non-sensitive configuration | Plain configuration data |
| Secret | Sensitive data such as passwords, tokens, or TLS material | Base64 is encoding, not strong security by itself |
Why This Separation Helps
- same image across dev, staging, and prod
- safer secret handling patterns
- easier updates without rebuilding the image
Sub-pages in This Section
| Sub-topic | What you will learn |
|---|---|
| ConfigMaps | Create ConfigMaps and inject config as env vars or files |
| Secrets | Store sensitive values and mount or inject them safely |
Core Idea
Treat images as reusable application packages and configuration as runtime input.
That separation is a big part of twelve-factor and cloud-native design.
Config Purpose
Why is externalizing configuration usually a good idea?
Secret Warning
What is an important truth about Kubernetes Secrets by default?