Update k8s ConfigMap or Secret without deleting the existing one
KubernetesConfigmapKubernetes Problem Overview
I've been using K8S ConfigMap and Secret to manage our properties. My design is pretty simple, that keeps properties files in a git repo and use build server such as Thoughtworks GO to automatically deploy them to be ConfigMaps or Secrets (on choice condition) to my k8s cluster.
Currently, I found it's not really efficient that I have to always delete the existing ConfigMap and Secret and create the new one to update as below:
-
kubectl delete configmap foo
-
kubectl create configmap foo --from-file foo.properties
Is there a nice and simple way to make above one step and more efficient than deleting current? potentially what I'm doing now may compromise the container that uses these configmaps if it tries to mount while the old configmap is deleted and the new one hasn't been created.
Kubernetes Solutions
Solution 1 - Kubernetes
You can get YAML from the kubectl create configmap
command and pipe it to kubectl apply
, like this:
kubectl create configmap foo --from-file foo.properties -o yaml --dry-run | kubectl apply -f -
Solution 2 - Kubernetes
For future reference, kubectl replace
is now a very handy way to achieve this
kubectl replace -f some_spec.yaml
Let you update a complete configMap (or other objects)
See doc and examples directly here
Copy/pasted from the help:
# Replace a pod using the data in pod.json.
kubectl replace -f ./pod.json
# Replace a pod based on the JSON passed into stdin.
cat pod.json | kubectl replace -f -
# Update a single-container pod's image version (tag) to v4
kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
# Force replace, delete and then re-create the resource
kubectl replace --force -f ./pod.json
Solution 3 - Kubernetes
For small changes in configMap
, use edit
kubectl edit configmap <cfg-name>
This will open configMap in vi
editor. Make the changes and save it.
Solution 4 - Kubernetes
kubectl replace
fails if a configmap does not already exist:
$ kubectl create configmap foo --from-file foo.properties -o yaml --dry-run=client | kubectl replace -f -
Error from server (NotFound): error when replacing "STDIN": configmaps "falco-config" not found
Best solution is to use kubectl apply
which would create configmap if not present else update configmap if it is present:
$ kubectl create configmap foo --from-file foo.properties -o yaml --dry-run=client | kubectl apply -f -
configmap/falco-config configured
Solution 5 - Kubernetes
Take a copy of the existing configmap:
kubectl get configmap foo -o yaml > foo.yaml
And then do the modifications and use apply command, this should work.
kubectl apply -f foo.yaml
Note: Incase if you see any of the following issue, then include latest "resourceVersion" from the existing config map and try again.
" Operation cannot be fulfilled on configmaps "foo": the object has been modified; please apply your changes to the latest version and try again"
Solution 6 - Kubernetes
You may think about using GitOps to achieve it. In my case I use ArgoCD as the gitops tool and it detects K8S yaml files in Github then apply the changes automatically.