ConfigMap
An API object that stores non-sensitive configuration data as key-value pairs, injected into Pods as env vars or mounted files.
What is ConfigMap?
A ConfigMap decouples configuration from container images, following the twelve-factor app principle of separating config from code. Configuration data (application properties, feature flags, connection strings for non-sensitive services, JSON/YAML config files) is stored in a ConfigMap object and referenced by Pod specs via environment variables, command-line arguments, or volume mounts that project the keys as files in a directory.
ConfigMaps are namespace-scoped and limited to 1MiB of data per object (an etcd constraint). They support two formats: the data field for UTF-8 strings and the binaryData field for base64-encoded binary blobs. When a ConfigMap is updated, mounted volumes reflect the change within the kubelet sync period (around 1 minute by default), but environment variables sourced from ConfigMaps require a Pod restart to pick up new values.
ConfigMaps are mutable by default and can be changed at any time unless immutable: true is set. Setting immutable: true both protects against accidental changes and improves performance: the kubelet no longer needs to watch the ConfigMap for changes, reducing API server load at scale.
Example
# List all ConfigMaps across the cluster (excluding system namespace)
kubectl get configmaps -A | grep -v kube-system
# Show ConfigMap data
kubectl get configmap app-config -n production -o yaml
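# List pods that reference a ConfigMap (volume mount, envFrom, or env valueFrom)
kubectl get pods -n production -o json | jq -r '.items[]
  | select(any(.spec.volumes[]?; .configMap.name == "app-config")
        or any(.spec.containers[].envFrom[]?; .configMapRef.name == "app-config")
        or any(.spec.containers[].env[]?; .valueFrom.configMapKeyRef.name == "app-config"))
  | .metadata.name'
Cost & Waste Implications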
Orphaned ConfigMaps don't directly incur cloud costs but add to etcd storage load and contribute to cluster sprawl. More importantly, they often mask security risks — forgotten ConfigMaps may hold connection strings or API endpoints that expose internal infrastructure. In large clusters, thousands of orphaned ConfigMaps measurably slow kubectl get and list operations for all users.
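An added example, not from the original page and not KorPro's code: a Python check that finds ConfigMaps no Pod references (through volumes, projected volumes, envFrom or env) and flags keys that look like credentials. The sample objects, every name in them, and the two regex heuristics are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like the "items" array of
# `kubectl get pods,configmaps -n production -o json`; every name is made up.
ITEMS = [
    {"kind": "Pod", "metadata": {"name": "web-1"}, "spec": {
        "volumes": [{"name": "cfg", "configMap": {"name": "app-config"}}],
        "containers": [{"name": "web", "envFrom": [
            {"configMapRef": {"name": "feature-flags"}}]}]}},
    {"kind": "ConfigMap", "metadata": {"name": "app-config"}, "data": {"LOG_LEVEL": "info"}},
    {"kind": "ConfigMap", "metadata": {"name": "feature-flags"}, "data": {"BETA_UI": "true"}},
    {"kind": "ConfigMap", "metadata": {"name": "legacy-db"}, "data": {
        "DB_URL": "postgres://app:EXAMPLE-ONLY@db.internal.example:5432/orders",
        "POOL_SIZE": "10"}},
]

# Heuristics (assumptions, tune per environment): credentials in a URL, secret-like key names.
CRED_IN_URL = re.compile(r"://[^/\s:@]+:[^/\s@]+@")
SECRET_NAME = re.compile(r"password|passwd|secret|token|api[_-]?key", re.I)

def referenced_configmaps(pods):
    """ConfigMap names a Pod uses via volumes, projected volumes, envFrom or env."""
    refs = set()
    for pod in pods:
        spec = pod["spec"]
        for vol in spec.get("volumes", []):
            sources = [vol] + vol.get("projected", {}).get("sources", [])
            refs.update(s["configMap"]["name"] for s in sources if "configMap" in s)
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            refs.update(e["configMapRef"]["name"]
                        for e in c.get("envFrom", []) if "configMapRef" in e)
            refs.update(e["valueFrom"]["configMapKeyRef"]["name"] for e in c.get("env", [])
                        if "configMapKeyRef" in e.get("valueFrom", {}))
    return refs

def audit(items):
    """Map each ConfigMap name to (orphaned?, keys whose name or value looks sensitive)."""
    used = referenced_configmaps(i for i in items if i["kind"] == "Pod")
    report = {}
    for cm in (i for i in items if i["kind"] == "ConfigMap"):
        flagged = sorted(k for k, v in (cm.get("data") or {}).items()
                         if SECRET_NAME.search(k) or CRED_IN_URL.search(v))
        report[cm["metadata"]["name"]] = (cm["metadata"]["name"] not in used, flagged)
    return report

if __name__ == "__main__":
    for name, (orphaned, flagged) in audit(ITEMS).items():
        print(f"{name}: orphaned={orphaned} sensitive_keys={flagged}")
```

Only existing Pods are checked, so a ConfigMap used by a CronJob or a Deployment scaled to zero is reported as orphaned; check workload templates before deleting anything.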
How KorPro Helps
KorPro's Inspector detects ConfigMaps with no Pod references, volume mounts, or environment variable bindings — including those hidden behind cascading dependency chains.
Related Terms
Secret (Configuration): An API object for storing sensitive data such as passwords, tokens, and TLS certificates, base64-encoded in etcd.
Namespace (Core Concepts): A virtual partition within a cluster that isolates resources, access control, and networking between teams or environments.
Orphaned Resource (FinOps): A Kubernetes resource that is no longer referenced by any active workload but continues to exist in the cluster, often incurring cost.
Pod (Core Concepts): The smallest deployable unit in Kubernetes — one or more containers that share a network namespace and storage volumes.