Immutable Secrets & ConfigMaps: Write-Once Configuration
Treat your Kubernetes configuration like a container image: create it once, then create a new version to update it. The `immutable` flag enforces this "write-once" pattern for Secrets and ConfigMaps, reducing API server load and preventing accidental updates.
Treat your Kubernetes configuration like a container image: create it once, then create a new version to update it. The `immutable: true` flag enforces this "write-once" pattern for Secrets and ConfigMaps. This stops the kubelet from polling for changes, drastically reducing API server load in clusters with many pods mounting the same config. It's ideal for enforcing GitOps workflows. The footgun: you cannot make an immutable object mutable again; you must create a new one and redeploy.
Read the original → kubernetes.io
- #kubernetes
- #configuration
- #secrets
- #scalability
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.