K8SCONFIGURATION: K8s Configuration
A Kubernetes ConfigMap or Secret storing configuration data, credentials, or certificates consumed by workloads.
Default definition. This article describes the default
K8SCONFIGURATION definition shipped with DemandFlow. Administrators can add, remove, rename, or re-type fields, change which ones are required, and alter the layout from the Definitions screen in Settings. Your tenant's current schema may differ from what is shown here. To read the current definition at any time, GET the DEFINITION object whose id matches K8SCONFIGURATION.Entity properties
| Property | Value |
|---|---|
| Entity code | K8SCONFIGURATION |
| Display name | K8s Configuration |
| Plural | K8s Configurations |
| Level | 405 |
Use cases
K8SCONFIGURATION unifies ConfigMaps and Secrets into a single entity because they share the same lifecycle concerns: creation, mounting, referencing, versioning, and access control. The configType select distinguishes them, while secretType provides the finer-grained Kubernetes secret type taxonomy (Opaque, TLS, docker-config, etc.) only relevant when configType is Secret. The immutable checkbox mirrors the Kubernetes immutable field that prevents accidental changes to critical configs.
Fields
Configuration Information
| Field | Type | Required | Notes |
|---|---|---|---|
name | text | Yes | Configuration Name. |
namespace | reference → K8SNAMESPACE | Yes | Namespace. |
configType | enum | Yes | Valid ids: 1 (ConfigMap), 2 (Secret), 3 (PodPreset). |
secretType | enum | Valid ids: 1 (Opaque), 2 (kubernetes.io/service-account-token), 3 (kubernetes.io/dockercfg), 4 (kubernetes.io/dockerconfigjson), 5 (kubernetes.io/basic-auth), 6 (kubernetes.io/ssh-auth), 7 (kubernetes.io/tls), 8 (bootstrap.kubernetes.io/token). | |
immutable | boolean | Prevent updates to data |
Metadata
| Field | Type | Required | Notes |
|---|---|---|---|
description | text (multi-line) | Purpose and usage notes | |
labels | text (multi-line) | Key-value pairs (JSON) | |
annotations | text (multi-line) | Key-value pairs (JSON) | |
dataCount | number | Data Items. | |
sizeKB | number | Size (KB). |
Configuration Data
| Field | Type | Required | Notes |
|---|---|---|---|
data | text (multi-line) | Key-value pairs (JSON or YAML format) | |
binaryData | text (multi-line) | Base64 encoded binary data (JSON format) | |
stringData | text (multi-line) | Plain text data (for Secrets, will be encoded) |
Used By
| Field | Type | Required | Notes |
|---|---|---|---|
usedBy | text (multi-line) | Resources using this configuration | |
mountedAs | array of enums | Valid ids: 1 (Environment Variables), 2 (Volume Mount), 3 (Environment From), 4 (Projected Volume). | |
lastAccessTime | datetime | Last Accessed. |
References
| Field | Type | Required | Notes |
|---|---|---|---|
referencedWorkloads | array of text | Workloads. | |
referencedServices | array of text | Services. | |
referencedIngresses | array of text | Ingresses. | |
volumeMountPath | text | When mounted as volume |
Access Control
| Field | Type | Required | Notes |
|---|---|---|---|
owner | reference → US | Owner. | |
createdBy | reference → user | Created By. | |
createdDate | datetime | Created Date. | |
lastModifiedBy | reference → user | Last Modified By. | |
lastModified | datetime | Last Modified. |
Security Settings
| Field | Type | Required | Notes |
|---|---|---|---|
encryptionEnabled | boolean | Encrypted in etcd | |
rbacRules | text (multi-line) | Access control rules | |
allowedNamespaces | array of text | Allowed Namespaces. | |
sensitiveData | boolean | Contains Sensitive Data. | |
complianceLevel | enum | Valid ids: 1 (None), 2 (Low), 3 (Medium), 4 (High), 5 (Critical). |
Version History
| Field | Type | Required | Notes |
|---|---|---|---|
version | text | Current Version. | |
revisionNumber | number | Revision Number. | |
previousVersion | text | Previous Version. | |
versionHistory | text (multi-line) | Change history log | |
rollbackEnabled | boolean | Rollback Enabled. | |
maxVersions | number | Max Versions to Keep. |
Data Validation
| Field | Type | Required | Notes |
|---|---|---|---|
validationSchema | text (multi-line) | JSON Schema for validation | |
validationEnabled | boolean | Validation Enabled. | |
validationStatus | enum | Valid ids: 1 (Valid), 2 (Invalid), 3 (Not Validated). | |
lastValidationTime | datetime | Last Validation. | |
validationErrors | text (multi-line) | Validation Errors. |
External Synchronization
| Field | Type | Required | Notes |
|---|---|---|---|
externalSource | enum | Valid ids: 1 (None), 2 (Git Repository), 3 (HashiCorp Vault), 4 (AWS Secrets Manager), 5 (Azure Key Vault), 6 (Google Secret Manager), 7 (External API). | |
sourceURL | text (URL) | Source URL. | |
syncEnabled | boolean | Auto Sync Enabled. | |
syncInterval | number | Sync Interval (min). | |
lastSyncTime | datetime | Last Sync Time. | |
syncStatus | enum | Valid ids: 1 (In Sync), 2 (Out of Sync), 3 (Syncing), 4 (Failed). |
Relationships
- Lookups:
namespacepoints at aK8SNAMESPACErecord;ownerpoints at aUSrecord;createdBypoints at a user;lastModifiedBypoints at a user. - Related lists:
K8SWORKLOAD.
Creating a K8s Configuration via the API
POST /v1/objects
Authorization: Bearer <your-pat>
Content-Type: application/json
{
"entity": "K8SCONFIGURATION",
"level": 405,
"comboKey": "SUB:<your-sub-id>|ENT:",
"name": "Example",
"namespace": "",
"configType": "1",
"secretType": "1"
} Listing K8s Configurations
# All records in your tenant
GET /v1/entities/K8SCONFIGURATION/SUB:<your-sub-id>