CKAD · Question #21
CKAD Question #21: Real Exam Question with Answer & Explanation
This question tests your ability to create a Kubernetes Secret and inject its value into a Pod as an environment variable using the secretKeyRef field. It covers the full workflow from secret creation to pod consumption.
Question
1) Create a secret named app-secret in the default namespace containing the following single key-value pair: key3: value1 2) Create a Pod named nginx-secret in the default namespace. Specify a single container using the nginx:stable image. Add an environment variable named BEST_VARIABLE consuming the value of the secret key3.
Explanation
This question tests your ability to create a Kubernetes Secret and inject its value into a Pod as an environment variable using the secretKeyRef field. It covers the full workflow from secret creation to pod consumption.
Approach. First, create the Secret using kubectl create secret generic app-secret --from-literal=key3=value1 -n default. Then write a Pod manifest (or use kubectl run) for nginx-secret using the nginx:stable image, with an env entry that sets BEST_VARIABLE via valueFrom.secretKeyRef, referencing secret name app-secret and key key3. Apply the Pod with kubectl apply -f pod.yaml. The critical detail is using valueFrom.secretKeyRef rather than a plain value field - this tells Kubernetes to pull the value from the Secret object at runtime, keeping sensitive data out of the pod spec itself.
Concept tested. Kubernetes Secrets creation and consumption via environment variables (secretKeyRef / envFrom pattern)
Reference. https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables
Topics
Community Discussion
No community discussion yet for this question.