# ConfigMap with key-value pairsapiVersion:v1kind:ConfigMapmetadata:name:app-configdata:# Simple key-value pairsdatabase_host:"postgres.default.svc.cluster.local"database_port:"5432"database_name:"myapp"log_level:"info"max_connections:"100"---# Deployment using ConfigMap as environment variablesapiVersion:apps/v1kind:Deploymentmetadata:name:web-appspec:replicas:2selector:matchLabels:app:webtemplate:metadata:labels:app:webspec:containers:-name:nginximage:nginx:1.25-alpineenv:# Individual environment variables from ConfigMap-name:DB_HOSTvalueFrom:configMapKeyRef:name:app-configkey:database_host-name:DB_PORTvalueFrom:configMapKeyRef:name:app-configkey:database_port-name:DB_NAMEvalueFrom:configMapKeyRef:name:app-configkey:database_name# All keys from ConfigMap as environment variablesenvFrom:-configMapRef:name:app-config
configmap-volume.yaml — ConfigMap mounted as a volume¶
# ConfigMap with file-like dataapiVersion:v1kind:ConfigMapmetadata:name:nginx-configdata:# Configuration file contentnginx.conf:|user nginx;worker_processes auto;events {worker_connections 1024;}http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;keepalive_timeout 65;server {listen 80;server_name localhost;location / {root /usr/share/nginx/html;index index.html;}location /health {access_log off;return 200 "healthy\n";add_header Content-Type text/plain;}}}index.html:|<!DOCTYPE html><html><head><title>ConfigMap Demo</title></head><body><h1>Configuration from ConfigMap</h1><p>This page is served from a ConfigMap volume mount.</p></body></html>---# Deployment mounting ConfigMap as volumeapiVersion:apps/v1kind:Deploymentmetadata:name:nginx-with-configspec:replicas:2selector:matchLabels:app:nginxtemplate:metadata:labels:app:nginxspec:containers:-name:nginximage:nginx:1.25-alpineports:-containerPort:80volumeMounts:# Mount entire ConfigMap as directory-name:config-volumemountPath:/etc/nginx/nginx.confsubPath:nginx.conf-name:config-volumemountPath:/usr/share/nginx/html/index.htmlsubPath:index.htmlvolumes:-name:config-volumeconfigMap:name:nginx-config
# Secret for sensitive data# Note: Values must be base64 encoded# echo -n 'mypassword' | base64apiVersion:v1kind:Secretmetadata:name:db-credentialstype:Opaquedata:username:YWRtaW4=# adminpassword:bXlwYXNzd29yZA==# mypasswordconnection-string:cG9zdGdyZXM6Ly9hZG1pbjpteXBhc3N3b3JkQHBvc3RncmVzOjU0MzIvbXlhcHA=---# Secret using stringData (no encoding needed)apiVersion:v1kind:Secretmetadata:name:api-keystype:OpaquestringData:api-key:"sk-1234567890abcdef"api-secret:"secret-key-here"webhook-token:"webhook-token-123"---# Deployment using SecretsapiVersion:apps/v1kind:Deploymentmetadata:name:app-with-secretsspec:replicas:2selector:matchLabels:app:myapptemplate:metadata:labels:app:myappspec:containers:-name:appimage:busybox:1.36command:["/bin/sh","-c"]args:-|echo "App started with credentials:"echo "Username: $DB_USERNAME"echo "API Key: $API_KEY"echo "Reading connection string from file:"cat /etc/secrets/connection-stringecho ""echo "Sleeping..."sleep 3600env:# Individual secrets as environment variables-name:DB_USERNAMEvalueFrom:secretKeyRef:name:db-credentialskey:username-name:DB_PASSWORDvalueFrom:secretKeyRef:name:db-credentialskey:password# All keys from another secretenvFrom:-secretRef:name:api-keysprefix:API_volumeMounts:# Mount secrets as files-name:db-secret-volumemountPath:/etc/secretsreadOnly:truevolumes:-name:db-secret-volumesecret:secretName:db-credentialsitems:-key:connection-stringpath:connection-string
# Docker Compose equivalent for ConfigMaps and Secrets# Compose uses environment variables and config files similarlyservices:# Using environment variables (like ConfigMap)web:image:nginx:1.25-alpineenvironment:# Direct values (similar to ConfigMap data)DB_HOST:postgres.default.svc.cluster.localDB_PORT:"5432"DB_NAME:myappLOG_LEVEL:infoMAX_CONNECTIONS:"100"# Or from .env file# env_file:# - ./config.envdeploy:replicas:2# Using config files (similar to ConfigMap volumes)nginx-custom:image:nginx:1.25-alpineconfigs:-source:nginx_configtarget:/etc/nginx/nginx.conf-source:index_htmltarget:/usr/share/nginx/html/index.htmldeploy:replicas:2# Using secrets (similar to K8s Secrets)app-with-secrets:image:busybox:1.36command:>sh -c "echo App started with credentials:echo Username: $$DB_USERNAMEecho Reading connection string:cat /run/secrets/connection-stringsleep 3600"environment:DB_USERNAME:adminsecrets:-db_password-connection-string-api-keydeploy:replicas:2# Config definitions (like ConfigMaps)configs:nginx_config:file:./nginx.confindex_html:content:|<!DOCTYPE html><html><head><title>ConfigMap Demo</title></head><body><h1>Configuration from Config</h1><p>This is similar to K8s ConfigMap.</p></body></html># Secret definitions (like K8s Secrets)secrets:db_password:file:./db_password.txtconnection-string:external:true# Externally definedapi-key:environment:"API_KEY"# From environment variable# Key Differences:# # 1. ConfigMap/Environment Variables:# Compose: environment: key=value or env_file# K8s: ConfigMap → envFrom or env with configMapKeyRef# # 2. Configuration Files:# Compose: configs: mounted at specified target path# K8s: ConfigMap → volumeMounts with volumes# # 3. Secrets:# Compose: secrets: mounted in /run/secrets/ by default# K8s: Secret → env (secretKeyRef) or volumeMounts# # 4. External References:# Compose: external: true (must exist before deployment)# K8s: References by name (must exist in same namespace)# # 5. Updates:# Compose: Requires service restart for env vars# K8s: ConfigMap/Secret changes auto-update volumes (env needs restart)# # 6. Security:# Compose: Secrets in /run/secrets/ (tmpfs)# K8s: Secrets in tmpfs, RBAC-controlled, can be encrypted at rest