L05 — Config & Storage

Two intertwined problems: how do containers get their configuration (and how do you keep secrets out of images), and how do stateful workloads get durable disks.

What you’ll understand after this level

  • ConfigMap for non-sensitive config, Secret for sensitive — what’s the same, what’s different, why secrets are barely-secret by default
  • The two ways to consume config in a pod: env vars vs mounted files
  • Why you almost never put config in a container image
  • The PV / PVC / StorageClass dance — how a pod claims durable storage
  • Storage access modes (RWO, ROX, RWX, RWOP) and what they mean in practice
  • The common volume types and when to use each (emptyDir, hostPath, CSI, ephemeral)
  • Resource quotas and LimitRange — how to put guardrails on a namespace

Notes in this level

| Note | Status | What’s in it |
|------|--------|--------------|
| ConfigMaps | ✅ | The config-as-object pattern, env vs volume mounts, file mount permissions, immutable ConfigMaps |
| Secrets | ✅ | Secret types (Opaque, dockerconfigjson, tls, bootstrap-token), base64 encoding, encryption-at-rest |
| Storage | 🟡 | High-level overview of PV/PVC/StorageClass — quick-reference summary, not a deep-dive |
| PersistentVolume | ✅ | Cluster-scoped storage resource, lifecycle, reclaim policies (Retain/Delete/Recycle), access modes |
| PersistentVolumeClaim | ✅ | Namespaced storage request, binding, expansion, snapshots, clone |
| StorageClass | ✅ | Dynamic provisioning, provisioners, WaitForFirstConsumer, the default-class trap |
| Volume Types | ✅ | emptyDir, hostPath, NFS, CSI, ephemeral, mount options, the volume mount propagation problem |
| Resource Quota | ✅ | Quotas on CPU/memory/object counts, LimitRange defaults per namespace, the priority class trick |

Suggested reading order

  1. ConfigMaps — most apps need this first
  2. Secrets — once you need credentials or tokens
  3. Resource Quota — before you share a cluster with other teams
  4. PersistentVolume → PersistentVolumeClaim → StorageClass — read in this order, they’re a chain
  5. Volume Types — once you know the model, the volume sources in a Pod spec
  6. Storage — the original summary, useful as a quick reference

Where to go next

L06 — Scheduling & Scaling: now that pods exist, decide where they run and what to do when load changes.