SYS ARCHITECTLearning Platform
Settings
Theory

Kubernetes ConfigMap: Decoupling Configuration

📋 Overview

A ConfigMap is a Kubernetes API object used to store non-confidential data in key-value pairs. Its primary purpose is to decouple environment-specific configuration from container images, allowing applications to be portable across Development, Staging, and Production environments without rebuilding the image.


🏗️ Core Principles & Characteristics

  • Key-Value Pairs: Stores data as strings or binary (though Secrets are better for binary).
  • Consumption Methods:
    • Environment Variables: Injected into the container process.
    • Command-line Arguments: Used to dynamically set startup flags.
    • Volume Mounts: Mounted as a file inside the container (allows for live updates).
  • Namespace Scoped: A ConfigMap is only accessible to pods within the same namespace.

⚖️ Trade-offs: Pros & Cons

  • Pros:
    • Portability: Use the same Docker image for all environments.
    • Separation of Concerns: Developers manage code; DevOps/SREs manage ConfigMaps.
    • Dynamic Updates: If mounted as a volume, K8s can update the file inside the container without a pod restart (if the app supports it).
  • Cons:
    • No Encryption: Data is stored in plain text. Never store secrets, keys, or passwords in a ConfigMap.
    • Size Limit: Restricted to 1MB (standard for etcd objects).
    • Stale Config: Environment variables are NOT updated dynamically; only volume mounts are.

🌍 Real-World Implementation

  • Database Hostnames: Pointing to localhost in Dev and db.production.cluster in Prod.
  • Log Levels: Switching from INFO to DEBUG via a ConfigMap change.
  • Feature Flags: Enabling/disabling features by toggling a key in a ConfigMap.
  • Nginx Configuration: Mounting a complex nginx.conf file into an Nginx container.

💡 Interview "Gotchas" & Tips

  • ConfigMap vs. Secret: This is the most common question. ConfigMaps are for public config; Secrets are for sensitive data (encoded in base64, potentially encrypted at rest).
  • Immuntable ConfigMaps: You can mark a ConfigMap as immutable: true. This improves performance and prevents accidental changes that could break the cluster.
  • Pod Restarts: Changing a ConfigMap used as an Env Var requires a pod restart to take effect. If used as a Volume, it updates automatically, but your app must be watching for file changes.

📐 Suggested Architecture Primitives

  • ConfigMap Object: The source of truth.
  • Volume Mount: For file-based configuration.
  • EnvVar Source: For simple key-value injection.
  • Kustomize / Helm: For managing ConfigMaps across multiple environments.
Canvas