0
0
Kubernetesdevops~20 mins

Using Secrets as mounted volumes in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Secret Volume Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
2:00remaining
Output of pod with secret mounted as volume
You have a Kubernetes pod that mounts a secret as a volume at /etc/secret-volume. The secret contains a key password with value mypassword. What will be the output of cat /etc/secret-volume/password inside the pod?
Kubernetes
kubectl exec pod-secret-volume -- cat /etc/secret-volume/password
Amypassword
Bbase64 encoded string of mypassword
CError: file not found
DEmpty output
Attempts:
2 left
💡 Hint
Secrets mounted as volumes are decoded automatically and stored as plain text files.
Configuration
intermediate
2:00remaining
Correct secret volume mount configuration
Which of the following YAML snippets correctly mounts a secret named db-secret as a volume at /etc/db inside a pod?
A
volumes:
  - name: db-volume
    secret:
      secretName: db-secret
containers:
  - name: app
    volumeMounts:
      - name: db-volume
        path: /etc/db
B
volumes:
  - name: db-volume
    secret:
      secretName: db-secret
containers:
  - name: app
    volumeMounts:
      - name: db-volume
        mountPath: /etc/db
C
bd/cte/ :htaPtnuom        
emulov-bd :eman -      
:stnuoMemulov    
ppa :eman -  
:sreniatnoc
terces-bd :emaNterces      
:terces    
emulov-bd :eman -  
:semulov
D
volumes:
  - name: db-volume
    configMap:
      name: db-secret
containers:
  - name: app
    volumeMounts:
      - name: db-volume
        mountPath: /etc/db
Attempts:
2 left
💡 Hint
The secret volume must specify 'secretName' and volumeMount must use 'mountPath'.
Troubleshoot
advanced
2:00remaining
Reason for secret volume files missing in pod
You mounted a secret as a volume in your pod, but when you exec into the pod, the secret files are missing from the mount path. What is the most likely cause?
AThe secret does not exist or has a different name than specified in the volume.
BThe pod does not have permission to read the secret because of RBAC rules.
CThe secret was mounted as environment variables, not as a volume.
DThe pod's container image does not support volumes.
Attempts:
2 left
💡 Hint
Check if the secret name in the volume matches an existing secret.
🔀 Workflow
advanced
2:00remaining
Steps to update a secret mounted as volume in a running pod
You updated a Kubernetes secret that is mounted as a volume in a running pod. What is the correct way to see the updated secret files inside the pod?
AUpdate the secret and wait 24 hours for automatic refresh inside the pod.
BRun 'kubectl exec' and the secret files update automatically without pod restart.
CRestart the container inside the pod using 'kubectl rollout restart'.
DDelete and recreate the pod to reload the secret volume with updated data.
Attempts:
2 left
💡 Hint
Secret volumes are mounted at pod start and do not update automatically.
Best Practice
expert
2:00remaining
Best practice for restricting secret volume file permissions
You want to mount a secret as a volume but restrict the file permissions so only the owner can read the secret files inside the pod. Which volume configuration option achieves this?
ASet 'fsGroup' to 0 in the pod security context.
BSet 'readOnly: true' under the volumeMount in the container spec.
CSet 'defaultMode: 0400' under the secret volume in the pod spec.
DSet 'defaultMode: 0777' under the secret volume in the pod spec.
Attempts:
2 left
💡 Hint
File permission modes control access rights; 0400 means read by owner only.