Update k8s ConfigMap or Secret without deleting the existing one

I've been using K8S ConfigMap and Secret to manage our properties. My design is pretty simple, that keeps properties files in a git repo and use build server such as Thoughtworks GO to automatically deploy them to be ConfigMaps or Secrets (on choice condition) to my k8s cluster.

Currently, I found it's not really efficient that I have to always delete the existing ConfigMap and Secret and create the new one to update as below:

1. kubectl delete configmap foo

2. kubectl create configmap foo --from-file foo.properties

Is there a nice and simple way to make above one step and more efficient than deleting current? potentially what I'm doing now may compromise the container that uses these configmaps if it tries to mount while the old configmap is deleted and the new one hasn't been created.

You can get YAML from the kubectl create configmap command and pipe it to kubectl apply, like this:

kubectl create configmap foo --from-file foo.properties -o yaml --dry-run | kubectl apply -f -

For future reference, kubectl replace is now a very handy way to achieve this

kubectl replace -f some_spec.yaml Let you update a complete configMap (or other objects)

See doc and examples directly here

Copy/pasted from the help:

# Replace a pod using the data in pod.json.
kubectl replace -f ./pod.json

# Replace a pod based on the JSON passed into stdin.
cat pod.json | kubectl replace -f -

# Update a single-container pod's image version (tag) to v4
kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -

# Force replace, delete and then re-create the resource
kubectl replace --force -f ./pod.json

For small changes in configMap, use edit

kubectl edit configmap <cfg-name>

This will open configMap in vi editor. Make the changes and save it.

kubectl replace fails if a configmap does not already exist:

$ kubectl create configmap foo --from-file foo.properties -o yaml --dry-run=client | kubectl replace -f -

Error from server (NotFound): error when replacing "STDIN": configmaps "falco-config" not found

Best solution is to use kubectl apply which would create configmap if not present else update configmap if it is present:

$ kubectl create configmap foo --from-file foo.properties -o yaml --dry-run=client | kubectl apply -f -

configmap/falco-config configured

Take a copy of the existing configmap:

kubectl get configmap foo -o yaml > foo.yaml

And then do the modifications and use apply command, this should work.

kubectl apply -f foo.yaml

Note: Incase if you see any of the following issue, then include latest "resourceVersion" from the existing config map and try again.

" Operation cannot be fulfilled on configmaps "foo": the object has been modified; please apply your changes to the latest version and try again"

You may think about using GitOps to achieve it. In my case I use ArgoCD as the gitops tool and it detects K8S yaml files in Github then apply the changes automatically.