Module 6: Configuration & Secrets

🏗️ 1. The Manual Task: Hardcoded Configuration

In a non-orchestrated environment, configuring applications for different environments (Dev, Staging, Prod) is difficult.

The Manual Steps:

  1. Manage Env Vars: Manually SSH into servers to export environment variables.
  2. Store Passwords: Leave database passwords in plaintext configuration files on the server.
  3. Hardcode Settings: Bake configuration files directly into the Docker image.

🔑 2. The Kubernetes Abstraction: ConfigMaps & Secrets

Kubernetes separates configuration from application images for better portability.

  • ConfigMaps: Store non-confidential data (e.g., DB_HOST: "prod-db.internal").
  • Secrets: Store confidential data (e.g., DB_PASSWORD: "secret-pass").
  • Secure Injection: Kubernetes injects them into the container at runtime, either as environment variables or as mounted files (Secret volumes are RAM-backed tmpfs).
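
The separation described above, as an added example manifest (not part of the original module): a ConfigMap exposed as environment variables and a Secret mounted as a read-only file. The resource names, image and mount path are assumptions; the two values are the page's own samples.

```yaml
# Added example. Names (app-config, app-secrets, demo-app), the image and
# the mount path are assumptions, not taken from the module.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  DB_HOST: "prod-db.internal"        # non-confidential, safe to keep in Git
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
stringData:                          # stored base64-encoded; not encrypted
  DB_PASSWORD: "secret-pass"         # at rest unless the cluster enables it
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
spec:
  containers:
    - name: app
      image: registry.example.com/demo-app:1.0   # placeholder image
      envFrom:
        - configMapRef:
            name: app-config         # DB_HOST becomes an environment variable
      volumeMounts:
        - name: db-creds
          mountPath: /etc/secrets    # app reads /etc/secrets/DB_PASSWORD
          readOnly: true
  volumes:
    - name: db-creds
      secret:                        # Secret volumes are backed by tmpfs
        secretName: app-secrets
        defaultMode: 0400            # owner read-only
```

Mounting the Secret as a file keeps the password out of the process environment, which child processes inherit.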