Secrets & ConfigMaps – Answers
Solutions to the 20 CKA practice questions.
Answer 1: Create ConfigMap from Literal
```bash
kubectl create configmap app-settings --from-literal=APP_ENV=production --from-literal=LOG_LEVEL=debug
```

Answer 2: Create ConfigMap from File
```bash
kubectl create configmap db-config --from-file=app.properties
```

Answer 3: Create Secret from Literal
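```bash
# Literal values typed here are recorded in shell history; --from-file or --from-env-file avoids that
kubectl create secret generic db-credentials --from-literal=username=dbadmin --from-literal=password=S3cr3tP@ss
```

Answer 4: Decode Secret Value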
```bash
# Values under .data are base64-encoded, not encrypted
kubectl get secret db-credentials -o jsonpath='{.data.password}' | base64 -d
```

Answer 5: ConfigMap as Environment Variables
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: env-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sh', '-c', 'env && sleep 3600']
    envFrom:
    - configMapRef:
        name: env-config
```

Answer 6: Secret as Environment Variables
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: api-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    envFrom:
    # Every key in api-secret becomes an environment variable in this container
    - secretRef:
        name: api-secret
```

Answer 7: Specific Key as Environment Variable
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: key-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    env:
    - name: MY_KEY
      valueFrom:
        configMapKeyRef:
          name: multi-config
          key: KEY2
```

Answer 8: Mount ConfigMap as Volume
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: config
      mountPath: /etc/nginx/conf.d
  volumes:
  - name: config
    configMap:
      name: nginx-config
```

Answer 9: Mount Secret as Volume
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: tls-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: tls
      mountPath: /etc/ssl/certs
      readOnly: true
  volumes:
  - name: tls
    secret:
      secretName: tls-certs
```

Answer 10: Mount Specific Keys Only
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: specific-key-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: config
      mountPath: /app/config.json
      # subPath mounts a single file; it does not receive later ConfigMap updates
      subPath: config.json
  volumes:
  - name: config
    configMap:
      name: app-files
      items:
      - key: config.json
        path: config.json
```

Answer 11: Create TLS Secret
```bash
# Generate certificates
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout tls.key -out tls.crt -subj "/CN=myapp.local"
# Create secret
kubectl create secret tls myapp-tls --cert=tls.crt --key=tls.key
```

Answer 12: Mount Multiple ConfigMap Keys with Different Paths
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: multi-path-pod
spec:
  containers:
  - name: web
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: html
      mountPath: /var/www/html/index.html
      subPath: index.html
    - name: css
      mountPath: /var/www/css/main.css
      subPath: style.css
    - name: js
      mountPath: /var/www/js/app.js
      subPath: app.js
  volumes:
  - name: html
    configMap:
      name: web-assets
      items:
      - key: index.html
        path: index.html
  - name: css
    configMap:
      name: web-assets
      items:
      - key: style.css
        path: style.css
  - name: js
    configMap:
      name: web-assets
      items:
      - key: app.js
        path: app.js
```

Answer 13: ConfigMap Volume with Custom File Permissions
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: scripts-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: scripts
      mountPath: /scripts
  volumes:
  - name: scripts
    configMap:
      name: scripts
      defaultMode: 0755  # octal: rwxr-xr-x, so the mounted scripts are executable
```

Answer 14: Mount Secret and ConfigMap in Same Directory
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: combined-dir-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: public
      mountPath: /etc/app/app.conf
      subPath: app.conf
    - name: private
      mountPath: /etc/app/db.conf
      subPath: db.conf
  volumes:
  - name: public
    configMap:
      name: public-config
      items:
      - key: app.conf
        path: app.conf
  - name: private
    secret:
      secretName: private-config
      items:
      - key: db.conf
        path: db.conf
```

Answer 15: Selective Key Mounting with Items
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: selective-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: env-config
      mountPath: /config/environment.properties
      subPath: environment.properties
  volumes:
  - name: env-config
    configMap:
      name: multi-env
      items:
      - key: prod.properties
        path: environment.properties
```

Answer 16: Secret Subpath with Different Filenames
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: token-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: creds
      mountPath: /app/secrets/token.txt
      subPath: token.txt
  volumes:
  - name: creds
    secret:
      secretName: credentials
      items:
      - key: api-token
        path: token.txt
```

Answer 17: Combined ConfigMap and Secret in Pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: combined-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    envFrom:
    - configMapRef:
        name: app-cm
    volumeMounts:
    - name: secrets
      mountPath: /etc/secrets
      readOnly: true
  volumes:
  - name: secrets
    secret:
      secretName: app-secret
```

Answer 18: ConfigMap for Config File with Multi-line Content
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: json-config
data:
  config.json: |
    {
      "database": {
        "host": "mysql",
        "port": 3306
      },
      "cache": {
        "enabled": true
      }
    }
```

Answer 19: Secret with File Permissions
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: app
    image: busybox
    command: ['sleep', '3600']
    volumeMounts:
    - name: secret-vol
      mountPath: /secrets
      readOnly: true
  volumes:
  - name: secret-vol
    secret:
      secretName: secure-secret
      defaultMode: 0400  # octal: r--------, readable by the file owner only
```

Answer 20: Troubleshoot Missing ConfigMap
```bash
# Diagnose
kubectl describe pod broken-app  # Look for "missing-config not found"
# Fix
kubectl create configmap missing-config --from-literal=dummy=value
# Verify
kubectl get pod broken-app
```

Quick Reference
| Task | Command |
|---|---|
| Create ConfigMap | `kubectl create configmap <name> --from-literal=k=v` |
| Create Secret | `kubectl create secret generic <name> --from-literal=k=v` |
| Create TLS Secret | `kubectl create secret tls <name> --cert=c --key=k` |
| Decode Secret | `kubectl get secret <name> -o jsonpath='{.data.key}' \| base64 -d` |
| Patch ConfigMap | `kubectl patch configmap <name> -p '{"data":{"k":"v"}}'` |