Kubernetes Configuration Management
Learn how to create, validate, and manage Kubernetes configurations effectively. This guide covers YAML manifests, environment variables, and configuration best practices for reliable deployments.
Overview
Kubernetes uses YAML manifests to define resources like Pods, Deployments, Services, and ConfigMaps. Proper configuration management ensures reliable deployments, easier debugging, and maintainable infrastructure. This guide walks through the complete workflow from writing manifests to managing environment-specific configurations.
Estimated time: 25-35 minutes
Prerequisites: Basic understanding of Kubernetes concepts and YAML syntax
Step 1: Validate Kubernetes YAML Manifests
Start by validating your Kubernetes YAML to catch structural errors before deployment. Invalid manifests will be rejected by the Kubernetes API server.
Example Deployment Manifest
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
namespace: production
labels:
app: web-app
version: v1.0.0
spec:
replicas: 3
selector:
matchLabels:
app: web-app
template:
metadata:
labels:
app: web-app
spec:
containers:
- name: web-app
image: myregistry/web-app:1.0.0
ports:
- containerPort: 8080
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials
key: url
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"Use the Kubernetes YAML Validator to check your manifests. It validates apiVersion, kind, required metadata fields, and provides suggestions for common issues specific to each resource type.
Step 2: Format YAML for Readability
Well-formatted YAML is easier to read, review, and maintain. Consistent indentation prevents parsing errors and makes diffs clearer in version control.
Formatting Best Practices
# ❌ Poor formatting: Inconsistent indentation
apiVersion: v1
kind: Service
metadata:
name: web-service
spec:
selector:
app: web-app
ports:
- port: 80
targetPort: 8080
# ✅ Good formatting: Consistent 2-space indentation
apiVersion: v1
kind: Service
metadata:
name: web-service
spec:
selector:
app: web-app
ports:
- port: 80
targetPort: 8080Use the YAML Formatter to standardize indentation across your manifests. Choose 2-space indentation (Kubernetes convention) for consistency.
Step 3: Manage Environment Variables
Environment variables configure application behavior across different environments (dev, staging, production). Proper management prevents configuration drift and security issues.
Environment File Example
# .env.production
DATABASE_URL=postgresql://prod-db:5432/myapp
REDIS_URL=redis://prod-cache:6379
API_KEY=prod_key_abc123
LOG_LEVEL=info
ENABLE_METRICS=true
MAX_CONNECTIONS=100
# .env.development
DATABASE_URL=postgresql://localhost:5432/myapp_dev
REDIS_URL=redis://localhost:6379
API_KEY=dev_key_xyz789
LOG_LEVEL=debug
ENABLE_METRICS=false
MAX_CONNECTIONS=10Use the Environment File Formatter to validate and format .env files. It detects duplicate keys, validates variable names, and handles quoted values correctly.
Converting .env to Kubernetes ConfigMap
- Format and validate your .env file
- Create a ConfigMap from the environment variables
- Reference the ConfigMap in your Deployment
- Validate the complete manifest
ConfigMap from Environment Variables
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: production
data:
DATABASE_URL: "postgresql://prod-db:5432/myapp"
REDIS_URL: "redis://prod-cache:6379"
LOG_LEVEL: "info"
ENABLE_METRICS: "true"
MAX_CONNECTIONS: "100"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
spec:
template:
spec:
containers:
- name: web-app
image: myregistry/web-app:1.0.0
envFrom:
- configMapRef:
name: app-configStep 4: Convert Between YAML and JSON
Some tools and APIs work better with JSON. Convert between formats while preserving structure and data types.
YAML to JSON Conversion
# Input YAML
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:1.21
# Output JSON
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "nginx"
},
"spec": {
"containers": [
{
"name": "nginx",
"image": "nginx:1.21"
}
]
}
}Use YAML to JSON and JSON to YAML converters for bidirectional transformation. Useful when working with kubectl JSON output or programmatic manifest generation.
Step 5: Validate Complete Manifests
After creating or modifying manifests, perform comprehensive validation to ensure all resources are correctly configured.
Validation Checklist
- ✓ Correct apiVersion for each resource type
- ✓ Valid kind (Deployment, Service, ConfigMap, etc.)
- ✓ Required metadata fields (name, namespace)
- ✓ Proper label selectors matching pod templates
- ✓ Resource requests and limits defined
- ✓ Container image tags specified (avoid :latest)
- ✓ Health checks configured (liveness, readiness)
- ✓ Security contexts defined
- ✓ Secrets referenced correctly
- ✓ Consistent indentation (2 spaces)
Use the Kubernetes YAML Validator to check all these aspects. It provides resource-specific validation and suggestions for improvements.
Step 6: Manage Multi-Environment Configurations
Maintain separate configurations for different environments while keeping common settings DRY (Don't Repeat Yourself).
Base Configuration (base/deployment.yaml)
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
spec:
template:
spec:
containers:
- name: web-app
image: myregistry/web-app
ports:
- containerPort: 8080
resources:
requests:
memory: "128Mi"
cpu: "100m"Production Overlay (overlays/production/deployment.yaml)
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
namespace: production
spec:
replicas: 5
template:
spec:
containers:
- name: web-app
image: myregistry/web-app:1.0.0
resources:
limits:
memory: "512Mi"
cpu: "500m"Complete Workflow Example
Here's how all the tools work together for Kubernetes configuration management:
- Create Manifest: Write Kubernetes YAML for your resources
- Format: Standardize indentation with YAML Formatter
- Validate Structure: Check YAML syntax with YAML Validator
- Validate K8s: Verify resource fields with K8s YAML Validator
- Manage Env Vars: Format .env files with Env Formatter
- Create ConfigMaps: Convert env vars to ConfigMap YAML
- Convert if Needed: Transform to JSON with YAML to JSON
- Deploy: Apply validated manifests to your cluster
Best Practices
- Use namespaces: Isolate resources by environment or team
- Label everything: Consistent labels enable better filtering and monitoring
- Set resource limits: Prevent resource exhaustion and enable proper scheduling
- Avoid :latest tags: Pin specific image versions for reproducible deployments
- Use ConfigMaps and Secrets: Separate configuration from code
- Define health checks: Enable automatic recovery and zero-downtime deployments
- Version control manifests: Track changes and enable rollbacks
- Validate before applying: Catch errors locally to avoid cluster issues
- Use consistent indentation: 2 spaces is the Kubernetes convention
- Document complex configurations: Add comments explaining non-obvious settings
Common Resource Types
Deployment
Manages stateless applications with rolling updates and rollbacks. Use for web servers, APIs, and worker processes.
Service
Exposes Pods to network traffic. Types: ClusterIP (internal), NodePort (external on node), LoadBalancer (cloud load balancer).
ConfigMap
Stores non-sensitive configuration data as key-value pairs. Mount as environment variables or files.
Secret
Stores sensitive data like passwords, tokens, and keys. Base64 encoded but not encrypted by default.
Ingress
Manages external HTTP/HTTPS access to services. Provides load balancing, SSL termination, and name-based virtual hosting.
PersistentVolumeClaim
Requests storage resources for stateful applications. Use with StatefulSets for databases and data stores.
Related Tools
- Kubernetes YAML Validator - Validate K8s manifests
- YAML Formatter - Format YAML files
- YAML Validator - Validate YAML syntax
- Environment File Formatter - Format .env files
- YAML to JSON - Convert to JSON format
- JSON to YAML - Convert from JSON
- Base64 Encode - Encode secrets
- Base64 Decode - Decode secrets
Frequently Asked Questions
What's the difference between ConfigMap and Secret?
ConfigMaps store non-sensitive configuration data in plain text. Secrets store sensitive data (passwords, tokens) and are base64 encoded. Secrets can be encrypted at rest with additional cluster configuration. Use Secrets for anything you wouldn't commit to version control.
How do I validate manifests without applying them?
Use kubectl with --dry-run=client or --dry-run=server flags. Client-side validation checks syntax, server-side validation checks against cluster policies. Our validator provides pre-deployment validation without needing cluster access.
Should I use YAML or JSON for Kubernetes manifests?
YAML is preferred for human-written manifests due to better readability and support for comments. JSON is better for programmatic generation and some API interactions. Kubernetes accepts both formats.
How do I manage secrets securely?
Never commit secrets to version control. Use external secret management (Sealed Secrets, External Secrets Operator, Vault). For local development, use .env files (gitignored) and create Secrets from them using kubectl create secret.
What's the best way to organize multi-environment configs?
Use Kustomize with a base directory for common configs and overlay directories for environment-specific changes. This keeps configurations DRY while allowing environment customization. Validate the final rendered manifests for each environment.
How do I troubleshoot YAML indentation errors?
YAML is whitespace-sensitive. Use a validator to identify the exact line with issues. Common problems: mixing tabs and spaces, incorrect nesting levels, missing colons. Use 2-space indentation consistently and enable "show whitespace" in your editor.