--- title: Configure a Pod to Use a ConfigMap content_template: templates/task weight: 150 --- {{% capture overview %}} ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. This page provides a series of usage examples demonstrating how to create ConfigMaps and configure Pods using data stored in ConfigMaps. {{% /capture %}} {{% capture prerequisites %}} {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} {{% /capture %}} {{% capture steps %}} ## Create a ConfigMap Use the `kubectl create configmap` command to create configmaps from [directories](#create-configmaps-from-directories), [files](#create-configmaps-from-files), or [literal values](#create-configmaps-from-literal-values): ```shell kubectl create configmap ``` where \ is the name you want to assign to the ConfigMap and \ is the directory, file, or literal value to draw the data from. The data source corresponds to a key-value pair in the ConfigMap, where * key = the file name or the key you provided on the command line, and * value = the file contents or the literal value you provided on the command line. You can use [`kubectl describe`](/docs/reference/generated/kubectl/kubectl-commands/#describe) or [`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get) to retrieve information about a ConfigMap. ### Create ConfigMaps from directories You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same directory. For example: ```shell mkdir -p configure-pod-container/configmap/kubectl/ wget https://k8s.io/docs/tasks/configure-pod-container/configmap/kubectl/game.properties -O configure-pod-container/configmap/kubectl/game.properties wget https://k8s.io/docs/tasks/configure-pod-container/configmap/kubectl/ui.properties -O configure-pod-container/configmap/kubectl/ui.properties kubectl create configmap game-config --from-file=configure-pod-container/configmap/kubectl/ ``` combines the contents of the `configure-pod-container/configmap/kubectl/` directory ```shell ls configure-pod-container/configmap/kubectl/ game.properties ui.properties ``` into the following ConfigMap: ```shell kubectl describe configmaps game-config Name: game-config Namespace: default Labels: Annotations: Data ==== game.properties: 158 bytes ui.properties: 83 bytes ``` The `game.properties` and `ui.properties` files in the `configure-pod-container/configmap/kubectl/` directory are represented in the `data` section of the ConfigMap. ```shell kubectl get configmaps game-config -o yaml ``` ```yaml apiVersion: v1 data: game.properties: | enemies=aliens lives=3 enemies.cheat=true enemies.cheat.level=noGoodRotten secret.code.passphrase=UUDDLRLRBABAS secret.code.allowed=true secret.code.lives=30 ui.properties: | color.good=purple color.bad=yellow allow.textmode=true how.nice.to.look=fairlyNice kind: ConfigMap metadata: creationTimestamp: 2016-02-18T18:52:05Z name: game-config namespace: default resourceVersion: "516" selfLink: /api/v1/namespaces/default/configmaps/game-config uid: b4952dc3-d670-11e5-8cd0-68f728db1985 ``` ### Create ConfigMaps from files You can use `kubectl create configmap` to create a ConfigMap from an individual file, or from multiple files. For example, ```shell kubectl create configmap game-config-2 --from-file=configure-pod-container/configmap/kubectl/game.properties ``` would produce the following ConfigMap: ```shell kubectl describe configmaps game-config-2 Name: game-config-2 Namespace: default Labels: Annotations: Data ==== game.properties: 158 bytes ``` You can pass in the `--from-file` argument multiple times to create a ConfigMap from multiple data sources. ```shell kubectl create configmap game-config-2 --from-file=configure-pod-container/configmap/kubectl/game.properties --from-file=configure-pod-container/configmap/kubectl/ui.properties ``` ```shell kubectl describe configmaps game-config-2 Name: game-config-2 Namespace: default Labels: Annotations: Data ==== game.properties: 158 bytes ui.properties: 83 bytes ``` Use the option `--from-env-file` to create a ConfigMap from an env-file, for example: ```shell # Env-files contain a list of environment variables. # These syntax rules apply: # Each line in an env file has to be in VAR=VAL format. # Lines beginning with # (i.e. comments) are ignored. # Blank lines are ignored. # There is no special handling of quotation marks (i.e. they will be part of the ConfigMap value)). wget https://k8s.io/docs/tasks/configure-pod-container/configmap/kubectl/game-env-file.properties -O configure-pod-container/configmap/kubectl/game-env-file.properties cat configure-pod-container/configmap/kubectl/game-env-file.properties enemies=aliens lives=3 allowed="true" # This comment and the empty line above it are ignored ``` ```shell kubectl create configmap game-config-env-file \ --from-env-file=configure-pod-container/configmap/kubectl/game-env-file.properties ``` would produce the following ConfigMap: ```shell kubectl get configmap game-config-env-file -o yaml ``` ```yaml apiVersion: v1 data: allowed: '"true"' enemies: aliens lives: "3" kind: ConfigMap metadata: creationTimestamp: 2017-12-27T18:36:28Z name: game-config-env-file namespace: default resourceVersion: "809965" selfLink: /api/v1/namespaces/default/configmaps/game-config-env-file uid: d9d1ca5b-eb34-11e7-887b-42010a8002b8 ``` When passing `--from-env-file` multiple times to create a ConfigMap from multiple data sources, only the last env-file is used: ```shell wget https://k8s.io/docs/tasks/configure-pod-container/configmap/kubectl/ui-env-file.properties -O configure-pod-container/configmap/kubectl/ui-env-file.properties kubectl create configmap config-multi-env-files \ --from-env-file=configure-pod-container/configmap/kubectl/game-env-file.properties \ --from-env-file=configure-pod-container/configmap/kubectl/ui-env-file.properties ``` would produce the following ConfigMap: ```shell kubectl get configmap config-multi-env-files -o yaml ``` ```yaml apiVersion: v1 data: color: purple how: fairlyNice textmode: "true" kind: ConfigMap metadata: creationTimestamp: 2017-12-27T18:38:34Z name: config-multi-env-files namespace: default resourceVersion: "810136" selfLink: /api/v1/namespaces/default/configmaps/config-multi-env-files uid: 252c4572-eb35-11e7-887b-42010a8002b8 ``` #### Define the key to use when creating a ConfigMap from a file You can define a key other than the file name to use in the `data` section of your ConfigMap when using the `--from-file` argument: ```shell kubectl create configmap game-config-3 --from-file== ``` where `` is the key you want to use in the ConfigMap and `` is the location of the data source file you want the key to represent. For example: ```shell kubectl create configmap game-config-3 --from-file=game-special-key=configure-pod-container/configmap/kubectl/game.properties kubectl get configmaps game-config-3 -o yaml ``` ```yaml apiVersion: v1 data: game-special-key: | enemies=aliens lives=3 enemies.cheat=true enemies.cheat.level=noGoodRotten secret.code.passphrase=UUDDLRLRBABAS secret.code.allowed=true secret.code.lives=30 kind: ConfigMap metadata: creationTimestamp: 2016-02-18T18:54:22Z name: game-config-3 namespace: default resourceVersion: "530" selfLink: /api/v1/namespaces/default/configmaps/game-config-3 uid: 05f8da22-d671-11e5-8cd0-68f728db1985 ``` ### Create ConfigMaps from literal values You can use `kubectl create configmap` with the `--from-literal` argument to define a literal value from the command line: ```shell kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm ``` You can pass in multiple key-value pairs. Each pair provided on the command line is represented as a separate entry in the `data` section of the ConfigMap. ```shell kubectl get configmaps special-config -o yaml ``` ```yaml apiVersion: v1 data: special.how: very special.type: charm kind: ConfigMap metadata: creationTimestamp: 2016-02-18T19:14:38Z name: special-config namespace: default resourceVersion: "651" selfLink: /api/v1/namespaces/default/configmaps/special-config uid: dadce046-d673-11e5-8cd0-68f728db1985 ``` ## Define Pod environment variables using ConfigMap data ### Define a Pod environment variable with data from a single ConfigMap 1. Define an environment variable as a key-value pair in a ConfigMap: ```shell kubectl create configmap special-config --from-literal=special.how=very ``` 1. Assign the `special.how` value defined in the ConfigMap to the `SPECIAL_LEVEL_KEY` environment variable in the Pod specification. ```shell kubectl edit pod dapi-test-pod ``` ```yaml apiVersion: v1 kind: Pod metadata: name: dapi-test-pod spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "env" ] env: # Define the environment variable - name: SPECIAL_LEVEL_KEY valueFrom: configMapKeyRef: # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY name: special-config # Specify the key associated with the value key: special.how restartPolicy: Never ``` 1. Save the changes to the Pod specification. Now, the Pod's output includes `SPECIAL_LEVEL_KEY=very`. ### Define Pod environment variables with data from multiple ConfigMaps 1. As with the previous example, create the ConfigMaps first. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: special-config namespace: default data: special.how: very ``` ```yaml apiVersion: v1 kind: ConfigMap metadata: name: env-config namespace: default data: log_level: INFO ``` 1. Define the environment variables in the Pod specification. ```yaml apiVersion: v1 kind: Pod metadata: name: dapi-test-pod spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "env" ] env: - name: SPECIAL_LEVEL_KEY valueFrom: configMapKeyRef: name: special-config key: special.how - name: LOG_LEVEL valueFrom: configMapKeyRef: name: env-config key: log_level restartPolicy: Never ``` 1. Save the changes to the Pod specification. Now, the Pod's output includes `SPECIAL_LEVEL_KEY=very` and `LOG_LEVEL=info`. ## Configure all key-value pairs in a ConfigMap as Pod environment variables {{< note >}} **Note:** This functionality is available to users running Kubernetes v1.6 and later. {{< /note >}} 1. Create a ConfigMap containing multiple key-value pairs. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: special-config namespace: default data: SPECIAL_LEVEL: very SPECIAL_TYPE: charm ``` 1. Use `envFrom` to define all of the ConfigMap's data as Pod environment variables. The key from the ConfigMap becomes the environment variable name in the Pod. ```yaml apiVersion: v1 kind: Pod metadata: name: dapi-test-pod spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "env" ] envFrom: - configMapRef: name: special-config restartPolicy: Never ``` 1. Save the changes to the Pod specification. Now, the Pod's output includes `SPECIAL_LEVEL=very` and `SPECIAL_TYPE=charm`. ## Use ConfigMap-defined environment variables in Pod commands You can use ConfigMap-defined environment variables in the `command` section of the Pod specification using the `$(VAR_NAME)` Kubernetes substitution syntax. For example: The following Pod specification ```yaml apiVersion: v1 kind: Pod metadata: name: dapi-test-pod spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ] env: - name: SPECIAL_LEVEL_KEY valueFrom: configMapKeyRef: name: special-config key: SPECIAL_LEVEL - name: SPECIAL_TYPE_KEY valueFrom: configMapKeyRef: name: special-config key: SPECIAL_TYPE restartPolicy: Never ``` produces the following output in the `test-container` container: ```shell very charm ``` ## Add ConfigMap data to a Volume As explained in [Create ConfigMaps from files](#create-configmaps-from-files), when you create a ConfigMap using ``--from-file``, the filename becomes a key stored in the `data` section of the ConfigMap. The file contents become the key's value. The examples in this section refer to a ConfigMap named special-config, shown below. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: special-config namespace: default data: special.level: very special.type: charm ``` ### Populate a Volume with data stored in a ConfigMap Add the ConfigMap name under the `volumes` section of the Pod specification. This adds the ConfigMap data to the directory specified as `volumeMounts.mountPath` (in this case, `/etc/config`). The `command` section references the `special.level` item stored in the ConfigMap. ```yaml apiVersion: v1 kind: Pod metadata: name: dapi-test-pod spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "ls /etc/config/" ] volumeMounts: - name: config-volume mountPath: /etc/config volumes: - name: config-volume configMap: # Provide the name of the ConfigMap containing the files you want # to add to the container name: special-config restartPolicy: Never ``` When the pod runs, the command (`"ls /etc/config/"`) produces the output below: ```shell special.level special.type ``` {{< caution >}} **Caution:** If there are some files in the `/etc/config/` directory, they will be deleted. {{< /caution >}} ### Add ConfigMap data to a specific path in the Volume Use the `path` field to specify the desired file path for specific ConfigMap items. In this case, the `special.level` item will be mounted in the `config-volume` volume at `/etc/config/keys`. ```yaml apiVersion: v1 kind: Pod metadata: name: dapi-test-pod spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh","-c","cat /etc/config/keys" ] volumeMounts: - name: config-volume mountPath: /etc/config volumes: - name: config-volume configMap: name: special-config items: - key: special.level path: keys restartPolicy: Never ``` When the pod runs, the command (`"cat /etc/config/keys"`) produces the output below: ```shell very ``` ### Project keys to specific paths and file permissions You can project keys to specific paths and specific permissions on a per-file basis. The [Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) user guide explains the syntax. ### Mounted ConfigMaps are updated automatically When a ConfigMap already being consumed in a volume is updated, projected keys are eventually updated as well. Kubelet is checking whether the mounted ConfigMap is fresh on every periodic sync. However, it is using its local ttl-based cache for getting the current value of the ConfigMap. As a result, the total delay from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod can be as long as kubelet sync period + ttl of ConfigMaps cache in kubelet. {{< note >}} **Note:** A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. {{< /note >}} {{% /capture %}} {{% capture discussion %}} ## Understanding ConfigMaps and Pods The ConfigMap API resource stores configuration data as key-value pairs. The data can be consumed in pods or provide the configurations for system components such as controllers. ConfigMap is similar to [Secrets](/docs/concepts/configuration/secret/), but provides a means of working with strings that don't contain sensitive information. Users and system components alike can store configuration data in ConfigMap. {{< note >}} **Note:** ConfigMaps should reference properties files, not replace them. Think of the ConfigMap as representing something similar to the Linux `/etc` directory and its contents. For example, if you create a [Kubernetes Volume](/docs/concepts/storage/volumes/) from a ConfigMap, each data item in the ConfigMap is represented by an individual file in the volume. {{< /note >}} The ConfigMap's `data` field contains the configuration data. As shown in the example below, this can be simple -- like individual properties defined using `--from-literal` -- or complex -- like configuration files or JSON blobs defined using `--from-file`. ```yaml kind: ConfigMap apiVersion: v1 metadata: creationTimestamp: 2016-02-18T19:14:38Z name: example-config namespace: default data: # example of a simple property defined using --from-literal example.property.1: hello example.property.2: world # example of a complex property defined using --from-file example.property.file: |- property.1=value-1 property.2=value-2 property.3=value-3 ``` ### Restrictions 1. You must create a ConfigMap before referencing it in a Pod specification (unless you mark the ConfigMap as "optional"). If you reference a ConfigMap that doesn't exist, the Pod won't start. Likewise, references to keys that don't exist in the ConfigMap will prevent the pod from starting. 1. If you use `envFrom` to define environment variables from ConfigMaps, keys that are considered invalid will be skipped. The pod will be allowed to start, but the invalid names will be recorded in the event log (`InvalidVariableNames`). The log message lists each skipped key. For example: ```shell kubectl get events LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE 0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames {kubelet, 127.0.0.1} Keys [1badkey, 2alsobad] from the EnvFrom configMap default/myconfig were skipped since they are considered invalid environment variable names. ``` 1. ConfigMaps reside in a specific [namespace](/docs/concepts/overview/working-with-objects/namespaces/). A ConfigMap can only be referenced by pods residing in the same namespace. 1. Kubelet doesn't support the use of ConfigMaps for pods not found on the API server. This includes pods created via the Kubelet's --manifest-url flag, --config flag, or the Kubelet REST API. {{< note >}} **Note:** These are not commonly-used ways to create pods. {{< /note >}} {{% /capture %}} {{% capture whatsnext %}} * Follow a real world example of [Configuring Redis using a ConfigMap](/docs/tutorials/configuration/configure-redis-using-configmap/). {{% /capture %}}