Secrets & ConfigMaps – CKA Practice Questions

20 hands-on questions for CKA exam preparation.

---

Question 1: Create ConfigMap from Literal

Task:

1. Create ConfigMap app-settings with:
   • APP_ENV=production
   • LOG_LEVEL=debug
2. Verify with kubectl describe configmap app-settings

---

Question 2: Create ConfigMap from File

Task:

1. Create a file app.properties:

   database.host=mysql.default.svc
   database.port=3306

2. Create ConfigMap db-config from this file
3. Verify the content is stored correctly

---

Question 3: Create Secret from Literal

Task:

1. Create Secret db-credentials with:
   • username=dbadmin
   • password=S3cr3tP@ss
2. Verify secret exists (don't expose data)

---

Question 4: Decode Secret Value

Task:

1. Get the password from db-credentials secret
2. Decode the base64 value

---

Question 5: ConfigMap as Environment Variables

Task:

1. Create ConfigMap env-config with APP_MODE=test
2. Create Pod env-pod using busybox that:
   • Loads ALL keys from env-config as env vars
   • Runs env command to print environment

---

Question 6: Secret as Environment Variables

Task:

1. Create Secret api-secret with API_KEY=abc123xyz
2. Create Pod api-pod that loads the secret as environment variable
3. Verify: kubectl exec api-pod -- env | grep API

---

Question 7: Specific Key as Environment Variable

Task:

1. Create ConfigMap multi-config with keys: KEY1=value1, KEY2=value2, KEY3=value3
2. Create Pod that loads ONLY KEY2 as env var named MY_KEY

---

Question 8: Mount ConfigMap as Volume

Task:

1. Create ConfigMap nginx-config with content:

   server {
     listen 8080;
     root /var/www;
   }

2. Create Pod that mounts this ConfigMap at /etc/nginx/conf.d
3. Verify file exists: kubectl exec <pod> -- cat /etc/nginx/conf.d/default.conf

---

Question 9: Mount Secret as Volume

Task:

1. Create Secret tls-certs with:
   • cert.pem=<certificate content>
   • key.pem=<key content>
2. Mount Secret at /etc/ssl/certs in Pod
3. Verify files exist with correct permissions

---

Question 10: Mount Specific Keys Only

Task:

1. Create ConfigMap app-files with keys: config.json, settings.yaml, readme.txt
2. Mount ONLY config.json at /app/config.json using items and subPath

---

Question 11: Create TLS Secret

Task:

1. Generate self-signed certificate:

   openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
     -keyout tls.key -out tls.crt -subj "/CN=myapp.local"

2. Create TLS secret myapp-tls from these files

---

Question 12: Mount Multiple ConfigMap Keys with Different Paths

Task:

1. Create ConfigMap web-assets with three keys:
   • index.html with HTML content "Welcome"
   • style.css=body { margin: 0; }
   • app.js=console.log('ready');
2. Create Pod that mounts:
   • index.html to /var/www/html/index.html
   • style.css to /var/www/css/main.css
   • app.js to /var/www/js/app.js
3. Use subPath for each file

---

Question 13: ConfigMap Volume with Custom File Permissions

Task:

1. Create ConfigMap scripts with key startup.sh containing a simple bash script
2. Mount this ConfigMap at /scripts with file mode 0755 (executable)
3. Verify: kubectl exec <pod> -- ls -la /scripts/startup.sh

---

Question 14: Mount Secret and ConfigMap in Same Directory

Task:

1. Create ConfigMap public-config with app.conf=server_name=app
2. Create Secret private-config with db.conf=password=secret123
3. Mount both at /etc/app/ (ConfigMap files and Secret files together)
4. Verify both files exist in the same directory

---

Question 15: Selective Key Mounting with Items

Task:

1. Create ConfigMap multi-env with keys: dev.properties, prod.properties, test.properties
2. Mount ONLY prod.properties to /config/environment.properties using items and subPath
3. Ensure other keys are NOT mounted

---

Question 16: Secret Subpath with Different Filenames

Task:

1. Create Secret credentials with keys:
   • db-user=admin
   • db-pass=secret
   • api-token=xyz123
2. Mount only api-token to /app/secrets/token.txt using subPath
3. Verify other secret keys are NOT mounted

---

Question 17: Combined ConfigMap and Secret in Pod

Task: Create Pod with:

• ConfigMap app-cm with APP_NAME=myapp
• Secret app-secret with DB_PASS=secret
• Load ConfigMap as env vars
• Mount Secret at /etc/secrets

---

Question 18: ConfigMap for Config File with Multi-line Content

Task: Create ConfigMap with multi-line JSON config and mount in Pod

---

Question 19: Secret with File Permissions

Task:

1. Create Secret secure-secret with password=topsecret
2. Mount in Pod at /secrets with mode 0400 (read-only owner)
3. Verify permissions: kubectl exec <pod> -- ls -la /secrets

---

Question 20: Troubleshoot Missing ConfigMap

Scenario: Pod broken-app is stuck in CreateContainerConfigError:

spec:
  containers:
  - name: app
    image: nginx
    envFrom:
    - configMapRef:
        name: missing-config

Task:

1. Identify the issue using kubectl describe pod
2. Create the missing ConfigMap
3. Verify Pod starts

---

Quick Reference

Task	Command
Create ConfigMap	kubectl create configmap <name> --from-literal=k=v
Create Secret	kubectl create secret generic <name> --from-literal=k=v
Create TLS Secret	kubectl create secret tls <name> --cert=c --key=k
Decode Secret	kubectl get secret <name> -o jsonpath='{.data.key}' | base64 -d
Patch ConfigMap	kubectl patch configmap <name> -p '{"data":{"k":"v"}}'

---