ConfigMaps¶
Store non-sensitive application configuration data separately from your container images using ConfigMaps.
Introduction¶
ConfigMaps store configuration data that your applications need to function, such as environment URLs, feature flags, and application settings. Unlike Secrets, ConfigMaps are for non-sensitive data that can be viewed openly.
Why use ConfigMaps:
- Keep configuration separate from container images
- Change settings without rebuilding applications
- Share configuration across multiple containers
- Environment-specific settings (dev vs prod)
ConfigMaps vs Secrets:
- ConfigMaps: Non-sensitive configuration data (API URLs, feature flags, log levels) - managed via GitOps
- Secrets: Sensitive data (passwords, API keys, certificates)
Creating ConfigMaps¶
Using YAML Manifests¶
Since ConfigMaps contain non-sensitive data, manage them via GitOps in your code repository:
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: my-app
data:
app-env: "production"
log-level: "info"
api-base-url: "https://api.example.com"
feature-x-enabled: "true"
Environment-Specific ConfigMaps¶
Create different ConfigMaps for each environment:
# Development environment
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: my-app-dev
data:
log-level: "debug"
api-base-url: "https://api.dev.example.com"
---
# Production environment
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: my-app-prod
data:
log-level: "warn"
api-base-url: "https://api.example.com"
Using ConfigMaps¶
Environment Variables¶
Most common way to consume configuration:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
template:
spec:
containers:
- name: my-app
image: my-app:latest
env:
# Reference specific config keys
- name: APP_ENV
valueFrom:
configMapKeyRef:
name: app-config
key: app-env
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: app-config
key: log-level
# Or use envFrom to load all keys
envFrom:
- configMapRef:
name: app-config
Volume Mounts¶
For configuration files:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
template:
spec:
containers:
- name: nginx
image: nginxinc/nginx-unprivileged:latest
volumeMounts:
- name: config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
volumes:
- name: config
configMap:
name: nginx-config
Complete Example: Application with ConfigMaps¶
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: my-app
data:
app-env: "production"
log-level: "info"
api-base-url: "https://api.example.com"
feature-x-enabled: "true"
---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 1
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
image: my-app:latest
env:
- name: APP_ENV
valueFrom:
configMapKeyRef:
name: app-config
key: app-env
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: app-config
key: log-level
- name: API_BASE_URL
valueFrom:
configMapKeyRef:
name: app-config
key: api-base-url
Best Practices¶
Configuration Guidelines¶
- Never put secrets in ConfigMaps - use Secrets for sensitive data
- Use environment-specific values - different ConfigMaps per environment (dev, staging, prod)
Operational Considerations¶
- ConfigMap updates require pod restarts - restart the deployment to pick up new values
- Use namespace isolation - ConfigMaps are namespace-scoped
Next Steps¶
Now that you understand ConfigMaps:
- Secrets - For sensitive configuration data
- Container Registries - Using private container images