Kubernetes CKA sample exam question 40 with answer

Question
Create Kubernetes Secret as follows:
Name: sec1
password: CKA123
Create a pod named pod-sec-file, using the redis image, which mounts a secret named sec1 at /secrets
Create a second pod named pod-sec-env, using redis image, which exports password as CONFIDENTIAL environment variable

Answer
First create the target Secret object:

kubectl create secret generic sec1 --from-literal=password=CKA123

Generate first pod manifest:

kubectl run pod-sec-file --image=redis --dry-run=client -o yaml

Adjust first pod manifest after that to match like this:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: pod-sec-file
  name: pod-sec-file
spec:
  containers:
  - image: redis
    name: redis
    volumeMounts:
    - name: sec1
      mountPath: "/secrets"
  volumes:
  - name: sec1
    secret:
      secretName: sec1

Run the pod:

kubectl appply -f po1.yaml

Verify if Secret is mounted as volumes:

kubectl exec -it pod-sec-file -- ls /secrets
kubectl exec -it pod-sec-file -- cat /secrets/password

Repeat the same procedure for second pod - generate the manifest and adjust it in this way:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: pod-sec-env
  name: pod-sec-env
spec:
  containers:
  - image: redis
    name: redis
    env:
    - name: CONFIDENTIAL
      valueFrom:
        secretKeyRef:
          name: sec1
          key: password

Apply:

kubectl appply -f po2.yaml

Check:

kubectl exec -it pod-sec-env -- env

You should see the environment variable named CONFIDENTIAL