# ConfigMap for application configuration apiVersion: v1 kind: ConfigMap metadata: name: app-config namespace: my-app labels: app: web-app data: # Environment variables DB_HOST: "postgres-service" DB_PORT: "5432" ENVIRONMENT: "production" LOG_LEVEL: "INFO" # File-like content application.properties: | server.port=8080 logging.level=INFO cache.enabled=true session.timeout=3600 --- # Secret for sensitive data apiVersion: v1 kind: Secret metadata: name: db-secret namespace: my-app labels: app: web-app type: Opaque data: # Base64 encoded values DB_USERNAME: YWRtaW4= # admin DB_PASSWORD: c2VjcmV0MTIz # secret123 API_KEY: bXktYXBpLWtleQ== # my-api-key --- # Deployment using ConfigMap and Secret apiVersion: apps/v1 kind: Deployment metadata: name: web-app-with-config namespace: my-app spec: replicas: 2 selector: matchLabels: app: web-app template: metadata: labels: app: web-app spec: containers: - name: web-app image: nginx:latest ports: - containerPort: 80 env: # Environment variables from ConfigMap - name: DB_HOST valueFrom: configMapKeyRef: name: app-config key: DB_HOST - name: DB_PORT valueFrom: configMapKeyRef: name: app-config key: DB_PORT - name: ENVIRONMENT valueFrom: configMapKeyRef: name: app-config key: ENVIRONMENT # Environment variables from Secret - name: DB_USERNAME valueFrom: secretKeyRef: name: db-secret key: DB_USERNAME - name: DB_PASSWORD valueFrom: secretKeyRef: name: db-secret key: DB_PASSWORD volumeMounts: # Mount ConfigMap as files - name: config-volume mountPath: /app/config - name: secret-volume mountPath: /app/secrets readOnly: true volumes: - name: config-volume configMap: name: app-config - name: secret-volume secret: secretName: db-secret