ConfigMap
Kubernetes
Configuration
DevOps
Cloud Management

ConfigMap mapping values

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Introduction

Kubernetes ConfigMap objects let you separate runtime configuration from container images. Mapping values correctly is the difference between predictable deployments and hard-to-debug runtime behavior. The two main mapping methods are environment variables and mounted files.

Create and Inspect a ConfigMap

A basic ConfigMap stores string keys and values. You can define it in YAML and apply it like other Kubernetes resources.

yaml
1apiVersion: v1
2kind: ConfigMap
3metadata:
4  name: app-config
5data:
6  APP_MODE: "production"
7  LOG_LEVEL: "info"
8  FEATURE_FLAG_NEW_UI: "true"
bash
kubectl apply -f configmap.yaml
kubectl get configmap app-config -o yaml

This confirms data exists before you map it into a pod.

Map Values as Environment Variables

For application settings that fit key-value style, environment variables are simple and explicit.

yaml
1apiVersion: apps/v1
2kind: Deployment
3metadata:
4  name: api
5spec:
6  replicas: 1
7  selector:
8    matchLabels:
9      app: api
10  template:
11    metadata:
12      labels:
13        app: api
14    spec:
15      containers:
16        - name: api
17          image: nginx:1.27
18          envFrom:
19            - configMapRef:
20                name: app-config

You can also map one key at a time if you want explicit names or optional behavior.

yaml
1env:
2  - name: APP_MODE
3    valueFrom:
4      configMapKeyRef:
5        name: app-config
6        key: APP_MODE

This style is useful when only a few keys are needed.

Map Values as Mounted Files

If your app expects config files, mount the ConfigMap as a volume.

yaml
1volumes:
2  - name: config-volume
3    configMap:
4      name: app-config
5      items:
6        - key: APP_MODE
7          path: app_mode
8        - key: LOG_LEVEL
9          path: log_level
10
11containers:
12  - name: api
13    image: nginx:1.27
14    volumeMounts:
15      - name: config-volume
16        mountPath: /etc/app-config
17        readOnly: true

The container sees files such as /etc/app-config/app_mode. This is common for legacy apps that read local config files on startup.

Update Behavior and Rollout Strategy

ConfigMap updates do not always restart pods automatically. If your app reads environment variables only at startup, you need a rollout to apply new values.

bash
kubectl rollout restart deployment/api

If you mount a config volume, Kubernetes updates files on disk eventually, but your app must support reloading to pick up changes safely.

Namespaces, Validation, and Drift Control

Configuration problems often come from referencing the wrong namespace or key names. Always apply and read ConfigMap objects in the same namespace as the workload. Add CI checks that render manifests and verify every referenced key exists.

A practical pattern is to keep one base config and overlay environment-specific values through your deployment tool. This avoids manual edits in production and reduces configuration drift across clusters.

Versioning and Rollback Safety

For critical services, version config names and roll pods with explicit references, such as app-config-v3. This makes rollback predictable because old and new pods can run with their matching config sets during deployment windows. It also simplifies incident response when a config change causes regressions.

If you use templating tools, generate versioned names automatically from file hashes so changes are traceable in Git and in cluster history. A small pre-deploy smoke check that reads mapped values from a canary pod can catch namespace mismatches before they affect customer traffic.

Common Pitfalls

  • Mixing env var and file mapping without clear ownership causes inconsistent behavior across environments.
  • Expecting pod restarts after every ConfigMap update can leave stale values in running containers.
  • Forgetting items key names must match existing keys leads to empty files or mount errors.
  • Storing secrets in ConfigMap is unsafe. Use Secret for sensitive values.
  • Assuming all apps hot-reload mounted config files can produce false confidence during incident response.

Summary

  • ConfigMap separates configuration from image build artifacts.
  • Map values through env, envFrom, or mounted files depending on app needs.
  • Use items mapping for precise file naming.
  • Plan rollout behavior because updates do not always refresh running processes.
  • Keep sensitive data in Secret, not ConfigMap.

Course illustration
Course illustration

All Rights Reserved.