KKloud TarusKKloud Tarus
  • Blog
  • Series
  • Team
  • About

Blog

Thoughts on engineering, design, and building great products.

SeriesAll postsConfigMapAIAPFAPIAPI GatewayARPAWSAdmissionAffinityAggregationAnsibleAppArmorArchitectureAuthenticationAuthorization
ConfigMap and Secret
DevOpsConfigMap

ConfigMap and Secret

Don't bake configuration into the image — pull it into a ConfigMap for ordinary data, a Secret for sensitive data, then inject it via environment variables or files. This article opens Part VI with both: four ways to consume them, one key difference (files auto-update on edit, env doesn't), and the harsh truth that a Secret is only base64, not encrypted — unless you turn it on, which our cluster did in Article 5. Tested for real, dug into etcd.

K
KaiMay 24, 2026· 17 views
ConfigMap and Secret: Separating Configu...
DevOpsConfigMap

ConfigMap and Secret: Separating Configuration from the Image

The same image must run in dev, staging, production — meaning configuration cannot be baked into the image. ConfigMap holds ordinary configuration, Secret holds sensitive data. This article: creating and injecting them into a pod via environment variables and files, with an important warning about 'a Secret is just base64'.

K
KaiMay 23, 2026· 48 views
KKloud TarusKKloud Tarus

Explore. Build. Share.

  • Blog
  • Team
  • About
© 2026 KKloud Tarus. All rights reserved.