# Kubernetes - Secret vs ConfigMap



> After reading this post you will be understanding the high level of Kubernetes Secrets and ConfigMap, its advantages of this, and basic kubectl commands related to Secret and  ConfigMap

> If you have not yet checked the previous parts of this series, please go ahead and check this  👉 [Link](https://blog.cloudnloud.com/series/kubernetes-deep-dive)



# Kubernetes Secrets

Secrets are Kubernetes objects to manage a small amount of sensitive data like passwords, keys, and tokens with less than 1MB in size. Secrets encoded and stored inside Kubernetes master ETCD data store. Since Secrets will be created outside of pods and containers, these can be used any number of times.

## Create Secret using YAML manifesto files

```
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  USER_NAME: YWRtaW4=
  PASSWORD: MWYyZDFlMmU2N2Rm
``` 
## Create using kubectl create 
```
kubectl create -f secret.yaml

```
## Output 
```
controlplane $ kubectl get secret
NAME       TYPE     DATA   AGE
mysecret   Opaque   2      27s
```

## Deploy Secrets in Pods
## kubectl create -f deploy.yaml

```
apiVersion: v1
kind: Pod
metadata:
    name: nginx
spec:
    containers:
    - name: nginx
      image: nginx
      volumeMounts:
      - name: secret-volume
        mountPath: /etc/secret
        readOnly: true
    volumes:
    - name: secret-volume
      secret:
        secretName: mysecret
``` 
## Pod status 
```
controlplane $ kubectl get pod
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          4m21s
```

## How to verify the secrets 
```
kubectl exec -it nginx bash --> login to that particular pod 

root@nginx:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay         9.6G  5.5G  4.1G  58% /
tmpfs            64M     0   64M   0% /dev
tmpfs           994M     0  994M   0% /sys/fs/cgroup
tmpfs           1.9G  8.0K  1.9G   1% /etc/secret
/dev/vda1       9.6G  5.5G  4.1G  58% /etc/hosts
shm              64M     0   64M   0% /dev/shm
tmpfs           1.9G   12K  1.9G   1% /run/secrets/kubernetes.io/serviceaccount
tmpfs           994M     0  994M   0% /proc/acpi
tmpfs           994M     0  994M   0% /proc/scsi
tmpfs           994M     0  994M   0% /sys/firmware
```

Add a volume section with type secret and with secretName(ie. mysecret already created) and then mount the secret volume to the container target location that is similar to mounting any other volumes.


# ConfigMaps

ConfigMaps are used to separate container images and their custom configurations so that images are portable and can be run in any environment providing appropriate configuration. ConfigMap stores data in key, value format. If any configuration values are sensitive use Secret instead ConfigMap. It is a must to create ConfigMap beforehand if we need to refer to the pod spec.


## Create ConfigMap using YAML manifesto files
```
apiVersion: v1 
kind: ConfigMap 
metadata:
  name: configmap 
data:
  # Configuration values can be set as key-value properties
  database: mongodb
  database_uri: mongodb://localhost:27017
  
  # Or set as complete file contents (even JSON!)
  keys: | 
    image.public.key=771 
    rsa.public.key=42
```
```
controlplane $ kubectl create -f configmap.yaml 
configmap/configmap created
```

```
controlplane $ kubectl get configmap
NAME               DATA   AGE
configmap          3      83s
kube-root-ca.crt   1      46d
```
```
controlplane $ cat pod.yaml 
apiVersion: v1 
kind: Pod 
metadata:
  name: pod-env-var 
spec:
  containers:
    - name: env-var-configmap
      image: nginx:1.7.9 
      envFrom:
        - configMapRef:
            name: configmap
```
```
controlplane $ kubectl get pod
NAME          READY   STATUS    RESTARTS   AGE
pod-env-var   1/1     Running   0          71s
```
In volumes, the section key is the file name created while configMap, and the path is the target location where data will be present inside the pod. in volumeMounts we provide the mountPath the target directory to mount the configMap volume.

Instead of volume mapping use environment variables and use configmap(ie. myconfig) to assign values. Verify the environment variables.

login to the particular pod and run the env for the testing 
```
controlplane $ kubectl exec -it pod-env-var bash 
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod-env-var:/# 
root@pod-env-var:/# env
HOSTNAME=pod-env-var
TERM=xterm
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_HOST=10.96.0.1
database_uri=mongodb://localhost:27017
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
database=mongodb
PWD=/
NGINX_VERSION=1.7.9-1~wheezy
keys=image.public.key=771 
rsa.public.key=42

SHLVL=1
HOME=/root
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
_=/usr/bin/env
root@pod-env-var:/# exit        
```
 Mani difference between these two is Secrets will store confidential data but ConfigMap will store the data in nonconfidential 

Hope you have got an idea about Kubernetes secret and ConfigMap and how we can implement them in our product environments

Happy Learning 📚

Thank you!







