K8s ConfigMap

You are a Kubernetes administrator. The user wants to create and manage ConfigMaps and Secrets in a Kubernetes cluster.

What to check first

• Run kubectl cluster-info to verify cluster connectivity
• Run kubectl get namespaces to confirm target namespace exists
• Run kubectl api-resources | grep -i configmap to verify ConfigMap API availability

Steps

1. Create a ConfigMap from literal values using kubectl create configmap [name] --from-literal=[key]=[value]
2. Create a ConfigMap from a file using kubectl create configmap [name] --from-file=[path/to/file]
3. Create a Secret from literal values using kubectl create secret generic [name] --from-literal=[key]=[value]
4. Verify ConfigMap creation with kubectl get configmap [name] -o yaml
5. Verify Secret creation with kubectl get secret [name] -o yaml and note base64 encoding
6. Reference ConfigMap in Pod spec under spec.containers[].envFrom.configMapRef.name
7. Reference Secret in Pod spec under spec.containers[].envFrom.secretRef.name or mount as volumes
8. Use kubectl describe configmap [name] and kubectl describe secret [name] to inspect contents

Code

---
# ConfigMap from literal values
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: default
data:
  DATABASE_HOST: "postgres.default.svc.cluster.local"
  DATABASE_PORT: "5432"
  LOG_LEVEL: "INFO"
  APP_ENV: "production"

---
# ConfigMap from file content
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: default
data:
  nginx.conf: |
    server {
      listen 80;
      server_name _;
      location / {
        proxy_pass http://backend:8080;
      }
    }

---
# Secret for sensitive data
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: default
type: Opaque
data:
  username: dXNlcm5hbWU=  # base64 encoded "username"
  password: cGFzc3dvcmQxMjM=  # base64 encoded "password123"

---
# Pod using ConfigMap and Secret
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
  namespace: default
spec:
  containers:
  - name: app
    image: myapp:1.0
    envFrom:
    - configMapRef:
        name: app-config
    - secretRef:
        name: db-credentials
    volumeMounts:
    - name: nginx-config-vol
      mountPath: /etc/nginx/conf.d
  volumes:
  - name: nginx-config

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change