I need clarity on secrets and configmaps on a deployment manifest. Is it a thing of 1 or the other, or can both be used. For example, if my app has secrets like DB credentials and non sensitive env variables, can I create a secret yaml and configmap yaml separate? If so, how do you add both to the deployment yaml file:
envFrom:
Will this work?
Thanks for reading
Hi @cambell79
You should be able to do it like this, and consume as many configmaps and secrets as you like
envFrom:
- secretRef:
name: my-secret
- configMapRef:
name: my-configmap
- configMapRef:
name: my-other-configmap
Thanks for the clarity @Alistair_KodeKloud. I also see other material where volumes are created for secrets and CM and mounted into the containers. At what point do you use this option or envFrom? Is it just a matter of preference?
Hi,
It depends on the use case. If your secrets and config maps contain only key-value pairs, then it probably makes sense to mount them in the environment as above.
Secrets and config maps can also contain entire files, and in this form are often used to provide configuration files for the application running in the container. Here you would mount as volumes so that the files in the maps/secrets are visible to the application.