LAB12: ConfigMap & Secret

LAB90: ConfigMap & Secret

1. CONFIGMAP — MULTIPLE SCENARIOS

A. Single Key-Value ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-single
data:
  APP_MODE: "production"

B. Multiple Key-Value Pairs

apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-multi
data:
  DB_HOST: "mysql"
  DB_PORT: "3306"
  FEATURE_FLAG: "true"

C. YAML File Inside a ConfigMap

D. JSON File Inside a ConfigMap

E. Raw Text File

2. USING CONFIGMAPS IN PODS

A. Using configMapRef (envFrom)

Loads all keys as environment variables.

Inside pod:

B. Using valueFrom configMapKeyRef (only one key)

C. Mounting the ConfigMap as Files

Inside pod:

D. Mounting Different Keys as Separate Files Using subPath

This creates:

Full Pod Example Combining All Uses

3. BASIC SECRET EXAMPLES (Parallel Same Style)

A. Secret with single key

B. Secret with multiple keys

C. Secret file (YAML / JSON / text)

Mounting Secrets in Pods

A. Secret as environment variables

B. One key only

C. Secret as files

4. WHAT HAPPENS WHEN CONFIGMAP UPDATES?

This is where Kubernetes behaves like a stage magician 🎩 —sometimes instant, sometimes not.

A. If mounted as environment variables

❌ NOT updated automatically Environment variables are baked into the container at start.

To reflect ConfigMap changes:

• You must restart pod (or do rolling restart in Deployment).

B. If mounted as files (volume mount)

✔️ Automatically updated But with a tiny delay (~1–2 seconds), because kubelet syncs in background.

Inside /etc/config/... you'll see:

• New content appears

• Old symlink replaced

• Atomic file swap — no partial writes

⚠️ Except subPath: ❌ Files using subPath do NOT update. You must restart the Pod.

C. Deployments — How updates trigger rollout

ConfigMap change alone does NOT trigger a rollout.

You can enforce automatic rollouts using annotations:

Or manually:

Quick Summary Table