Skip to main content

ConfigMap

A ConfigMap stores non-confidential configuration as key-value pairs in Kubernetes, decoupling configuration from container images.

A ConfigMap is a Kubernetes object for storing non-confidential configuration data as key-value pairs. It separates configuration from application code and container images, so the same image can run with different settings across environments.

How It Works

A ConfigMap holds arbitrary configuration: individual key-value pairs or whole configuration files. Pods can consume a ConfigMap in two main ways: as environment variables injected into a container, or as files mounted via a volume, where each key becomes a file. Command-line arguments can also reference ConfigMap values.

ConfigMaps are namespaced and are not encrypted; they are intended only for non-sensitive data. Sensitive values such as passwords and tokens belong in a Secret instead. When mounted as a volume, ConfigMap updates can propagate to running pods, though changes consumed as environment variables typically require a pod restart to take effect.

Why It Matters

Decoupling configuration from images is a core twelve-factor principle. It lets teams build an image once and promote it unchanged through dev, staging, and production, varying only the configuration. This improves reproducibility and reduces the risk of environment-specific image drift.

ConfigMaps also make configuration auditable and version-controllable through GitOps workflows, where the desired config lives in source control and is applied declaratively.

Related Terms

A ConfigMap supplies non-secret configuration to pods, complements the Secret object for sensitive data, is scoped to a namespace, and is often referenced by a Deployment.