OpenShift ConfigMaps & Secrets

Managing configuration and sensitive data in OpenShift.

ConfigMaps

# Create configmap from literal values
oc create configmap my-config --from-literal=KEY1=VALUE1 --from-literal=KEY2=VALUE2

# Create configmap from file
oc create configmap my-config --from-file=config.properties

# Create configmap from directory
oc create configmap my-config --from-file=config/

# Create configmap from env file
oc create configmap my-config --from-env-file=.env

# List configmaps
oc get configmaps
oc get cm

# Describe a configmap
oc describe cm my-config

# Get specific key
oc get cm my-config -o jsonpath='{.data.KEY1}'

# Edit a configmap
oc edit cm my-config

# Delete a configmap
oc delete cm my-config

Secrets

# Create generic secret
oc create secret generic my-secret --from-literal=username=admin --from-literal=password=s3cret

# Create secret from file
oc create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa

# Create TLS secret
oc create secret tls my-tls --cert=cert.pem --key=key.pem

# Create docker registry secret
oc create secret docker-registry my-registry   --docker-server=registry.example.com   --docker-username=user   --docker-password=pass

# Link secret to service account for pulls
oc secrets link default my-registry --for=pull

# List secrets
oc get secrets

# Describe a secret
oc describe secret my-secret

# Delete a secret
oc delete secret my-secret

Using ConfigMaps and Secrets

# As environment variables
spec:
  containers:
    - name: app
      envFrom:
        - configMapRef:
            name: my-config
        - secretRef:
            name: my-secret

# As single environment variable
spec:
  containers:
    - name: app
      env:
        - name: DB_HOST
          valueFrom:
            configMapKeyRef:
              name: my-config
              key: database-host
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password

# As mounted volumes
spec:
  containers:
    - name: app
      volumeMounts:
        - name: config-volume
          mountPath: /etc/config
        - name: secret-volume
          mountPath: /etc/secrets
  volumes:
    - name: config-volume
      configMap:
        name: my-config
    - name: secret-volume
      secret:
        secretName: my-secret

ConfigMaps

# Create configmap from literal values oc create configmap my-config --from-literal=KEY1=VALUE1 --from-literal=KEY2=VALUE2 # Create configmap from file oc create configmap my-config --from-file=config.properties # Create configmap from directory oc create configmap my-config --from-file=config/ # Create configmap from env file oc create configmap my-config --from-env-file=.env # List configmaps oc get configmaps oc get cm # Describe a configmap oc describe cm my-config # Get specific key oc get cm my-config -o jsonpath='{.data.KEY1}' # Edit a configmap oc edit cm my-config # Delete a configmap oc delete cm my-config

Secrets

# Create generic secret oc create secret generic my-secret --from-literal=username=admin --from-literal=password=s3cret # Create secret from file oc create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa # Create TLS secret oc create secret tls my-tls --cert=cert.pem --key=key.pem # Create docker registry secret oc create secret docker-registry my-registry --docker-server=registry.example.com --docker-username=user --docker-password=pass # Link secret to service account for pulls oc secrets link default my-registry --for=pull # List secrets oc get secrets # Describe a secret oc describe secret my-secret # Delete a secret oc delete secret my-secret

Using ConfigMaps and Secrets

# As environment variables spec: containers: - name: app envFrom: - configMapRef: name: my-config - secretRef: name: my-secret # As single environment variable spec: containers: - name: app env: - name: DB_HOST valueFrom: configMapKeyRef: name: my-config key: database-host - name: DB_PASSWORD valueFrom: secretKeyRef: name: my-secret key: password

# As mounted volumes spec: containers: - name: app volumeMounts: - name: config-volume mountPath: /etc/config - name: secret-volume mountPath: /etc/secrets volumes: - name: config-volume configMap: name: my-config - name: secret-volume secret: secretName: my-secret