
Secret types (Opaque, docker-registry, TLS) in Kubernetes - Practice Problems & Coding Challenges

Challenge - 5 Problems
Command Output (intermediate)
Output of creating an Opaque secret with kubectl
What is the output of the following command when creating an Opaque secret named mysecret with a literal key-value pair username=admin?
kubectl create secret generic mysecret --from-literal=username=admin
A. Warning: secret/mysecret already exists
B. secret/mysecret created
C. Error from server (Forbidden): secrets is forbidden: User "system:anonymous" cannot create resource "secrets"
D. secret/mysecret deleted
Hint: Think about the normal success message when creating a secret with kubectl.
Conceptual (intermediate)
Purpose of docker-registry secret type
What is the main purpose of a Kubernetes secret of type kubernetes.io/dockerconfigjson (docker-registry)?
A. To store Docker registry credentials for pulling private images
B. To store SSH keys for accessing remote servers
C. To store generic key-value pairs for application configuration
D. To store TLS certificates for secure communication
Hint: Think about what is needed to pull images from private Docker registries.
Configuration (advanced)
Correct YAML for TLS secret
Which YAML snippet correctly defines a TLS secret named mytlssecret with certificate and key files?
A.
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: mytlssecret
data:
  tls.crt: <base64-encoded-cert>
  tls.key: <base64-encoded-key>
B.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: mytlssecret
stringData:
  tls.crt: <plain-cert>
  tls.key: <plain-key>
C.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mytlssecret
data:
  tls.crt: <plain-cert>
  tls.key: <plain-key>
D.
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
  name: mytlssecret
data:
  .dockerconfigjson: <base64-encoded-json>
Hint: TLS secrets require a specific type and base64-encoded data keys named tls.crt and tls.key.
Troubleshoot (advanced)
Error when pulling image with docker-registry secret
You created a docker-registry secret and referenced it in your Pod spec, but the Pod fails to pull the private image with an 'unauthorized' error. What is the most likely cause?
A. The secret is missing the key '.dockerconfigjson' with correct JSON content
B. The TLS certificate in the secret expired
C. The secret type is set to 'Opaque' instead of 'kubernetes.io/dockerconfigjson'
D. The Pod spec does not reference the secret under imagePullSecrets
Hint: Check if the Pod knows to use the secret for pulling images.
Best Practice (expert)
Best practice for managing TLS secrets in Kubernetes
Which practice is considered best for managing TLS secrets securely in Kubernetes clusters?
A. Use Opaque secrets with base64 encoded TLS data and restrict RBAC access
B. Store TLS secrets as plain text ConfigMaps for easy access
C. Use kubernetes.io/tls secret type and automate certificate renewal with cert-manager
D. Embed TLS certificates directly in Pod specs as environment variables
Hint: Think about automation and security combined for TLS management.