A ConfigMap in Kubernetes is an API object used to store non-confidential configuration data in key-value pairs, so you can separate configuration from application code.
It allows you to dynamically configure your applications without rebuilding container images.
⚙️ Definition
A ConfigMap provides a way to inject configuration data into Pods — such as environment variables, command-line arguments, or configuration files.
ConfigMaps are ideal for settings, not secrets. (Sensitive data → use a Secret instead.)
🧩 Why Use a ConfigMap
- Keeps your app code independent of environment-specific settings.
- Allows configuration changes without modifying or redeploying container images.
- Makes your system portable across environments (dev, test, prod).
🧾 Example 1: Simple Key-Value ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
APP_MODE: "production"
APP_PORT: "8080"
LOG_LEVEL: "info"
You can create this from a file or literal values using kubectl:
kubectl create configmap app-config --from-literal=APP_MODE=production --from-literal=APP_PORT=8080
🧾 Example 2: File-Based ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config-files
data:
config.json: |
{
"debug": false,
"maxConnections": 100
}
app.properties: |
message=Welcome to Kubernetes
This allows you to mount configuration files directly inside your Pods.
🧰 Using a ConfigMap in a Pod
1. As Environment Variables
apiVersion: v1
kind: Pod
metadata:
name: myapp-pod
spec:
containers:
- name: myapp
image: nginx
envFrom:
- configMapRef:
name: app-config
Result:
Inside the container:
$ echo $APP_MODE
production
2. As Individual Environment Variables
env:
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: app-config
key: LOG_LEVEL
3. As Mounted Files
apiVersion: v1
kind: Pod
metadata:
name: configmap-volume-pod
spec:
containers:
- name: myapp
image: busybox
command: ["cat", "/etc/config/app.properties"]
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: app-config-files
Result:
Files from the ConfigMap (config.json, app.properties) appear under /etc/config.
🔄 Updating a ConfigMap
- If you update a ConfigMap, Pods won’t automatically reload the new values.
- You need to restart the Pods (or use a sidecar/reloader pattern) to apply the new config.
🧠 Best Practices
| Practice | Description |
|---|---|
| Keep secrets out | Don’t store passwords or tokens — use Secrets. |
| Use labels | Helps organize ConfigMaps for different apps/environments. |
| Small ConfigMaps | Avoid large files or binary data. |
| Version your ConfigMaps | Use naming conventions (e.g., app-config-v2). |
| Automate reload | Use tools like Reloader, Stakater, or custom scripts. |
📊 ConfigMap vs Secret
| Feature | ConfigMap | Secret |
|---|---|---|
| Purpose | Non-sensitive config data | Sensitive data (passwords, tokens) |
| Storage | Plain text | Base64-encoded |
| Encryption | None by default | Supported via encryption at rest |
| Typical Use | App settings, URLs, ports | API keys, credentials |
🚀 Common Use Cases
- Environment-specific app settings (
MODE=dev,API_URL=https://api.example.com) - Configuration files (
application.properties,.env, JSON, YAML) - Command-line arguments or script parameters