Learn · Configuration

Configuration & Secrets

Most outages are configuration outages. The discipline is to prove references and keys before you restart workloads or blame the platform.

What this module covers

Wiring, exposure, and operational realism.

ConfigMaps: non-secret configuration and safe update posture.
Secrets: threat models, access boundaries, rotation costs, and why base64 is not safety.
Wiring: envFrom vs explicit keys, volume mounts, and how missing keys become crash loops.

Safe handling, stated without illusion.

Text

Secrets, Sealing, and the False Promise of Safety

Threat models, encryption boundaries, audit, rotation posture, and workload identity tradeoffs.

Text

On Drift, Entropy, and the Burden of Configuration

Why configuration decays, and how to keep the platform honest over time.

Tutorial

Ingress, Config, and Secrets

Practical examples for Ingress, ConfigMaps, and Secrets—with caveats.

Make config failures legible.

Lab

ConfigMap/Secret Miswire

Prove names and keys, fix wiring once, then roll deliberately.

Atlas

Pods in CrashLoopBackOff

Classify config-driven failures vs probes vs resources vs dependencies.

Continue with operations.

Learn

Operations

kubectl workflows, rollouts, logs/events, and the discipline of change under pressure.

Topic map

Operations (Archive)

Curated readings, labs, and atlas entries for real operator work.