Kubernetes YAML Config and Secrets

Kubernetes YAML•Permalink

ConfigMap, Secret, projected volume, envFrom, and secure configuration patterns.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

## ConfigMaps

Basic ConfigMap YAML

↗#

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: production
  LOG_LEVEL: info
  FEATURE_X_ENABLED: "true"

# Key-value application config in YAML.

ConfigMap with file-like content

↗#

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  default.conf: |
    server {
      listen 80;
      location / {
        proxy_pass http://api:8080;
      }
    }

# Mount application config files from YAML.

Mount ConfigMap as files

↗#

volumes:
  - name: app-config
    configMap:
      name: nginx-config

containers:
  - name: nginx
    image: nginx:1.27
    volumeMounts:
      - name: app-config
        mountPath: /etc/nginx/conf.d

# Expose configuration under a volume mount path.

## Secrets

Opaque Secret with stringData

↗#

apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
stringData:
  DATABASE_URL: postgres://app:secret@postgres:5432/app
  API_KEY: replace-me

# Author readable Secret YAML without manual base64.

Read specific secret keys into env vars

↗#

env:
  - name: DATABASE_URL
    valueFrom:
      secretKeyRef:
        name: app-secrets
        key: DATABASE_URL

# Map one Secret key to one variable.

Mount Secret as files

↗#

volumes:
  - name: tls
    secret:
      secretName: app-tls
containers:
  - name: api
    volumeMounts:
      - name: tls
        mountPath: /etc/tls
        readOnly: true

# Expose certificate or key material through a volume.

Create Secret from literals

↗#

kubectl create secret generic app-secrets --from-literal=API_KEY=replace-me

# Generate a Secret without hand-editing YAML.

## Projected Volumes

Combine Secret and ConfigMap into one volume

↗#

volumes:
  - name: app-settings
    projected:
      sources:
        - configMap:
            name: app-config
        - secret:
            name: app-secrets

# Project multiple sources into a single directory.

More in Kubernetes YAML

Kubernetes YAML Kustomize and CRDs

Kustomize overlays, patches, generators, and CRD/CR authoring patterns.

Kubernetes YAML Networking

Services, Ingress, NetworkPolicy, ports, and service exposure manifests.

Kubernetes YAML Workloads

YAML patterns for Deployments, StatefulSets, DaemonSets, Jobs, CronJobs, HPAs, and PodDisruptionBudgets.

Kubernetes YAML Cheat Sheet

High-value Kubernetes YAML patterns for Pods, Deployments, Services, probes, resources, scheduling, and day-to-day manifest authoring.

Recommended next

No recommendations yet.

Browse all sheets →