Skip to content

Lab · Foundations

Lab: ConfigMap/Secret Miswire

Practice the discipline of configuration: prove the reference, prove the value, then restart only after the governing mistake is corrected.

Back to LabsTroubleshooting AtlasShrine Archive

Prerequisites

What you should have before you begin.

ConfigSecretsOperationsReliability
  • A cluster and namespace
  • kubectl installed
  • Basic ConfigMap/Secret knowledge

Lab text

Follow the sequence. Change one thing at a time.

Goal

You will learn to diagnose a workload that fails due to missing configuration: confirm whether the ConfigMap/Secret exists, whether keys match, and whether the pod spec references them correctly.

  • Prove object existence.
  • Prove key names.
  • Prove pod spec wiring.

Scenario

A Deployment starts crashing after a change. Logs show a missing environment variable or a missing file. The cluster is healthy; the wiring is not.

Inspect the references

Start with the pod spec: env, envFrom, and mounts.

  • Names are namespace-scoped.
  • Keys are case-sensitive; one character is the difference between stable and broken.

kubectl

shell

kubectl describe pod <pod> -n <ns>
kubectl get pod <pod> -n <ns> -o yaml | rg -n "env:|envFrom:|configMapKeyRef|secretKeyRef|volumes:|volumeMounts:"

kubectl

shell

kubectl get configmap,secret -n <ns>

Fix and verify

Fix the governing reference, then roll the workload once.

  • Correct the name/key in the manifest (or create the missing object).
  • Avoid manual pod deletes until you understand why the next pod will be better.
  • After fix: `kubectl rollout restart deploy/<name> -n <ns>` and watch events.

Related

Next

Link

Tutorial: Ingress, Config, and Secrets

Continue the sequence with the linked text.

Next

Link

Operations Handbook

Continue the sequence with the linked text.

Canonical link

Canonical URL: /labs/config-and-secret-miswire