Kubernetesdevops~30 mins

Using Secrets as mounted volumes in Kubernetes - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Using Secrets as mounted volumes

📖 Scenario: You are managing a Kubernetes application that needs to securely access sensitive data like passwords. Instead of hardcoding secrets in your app, you will use Kubernetes Secrets and mount them as volumes inside your pod.

🎯 Goal: Create a Kubernetes Secret with exact key-value pairs, configure a pod to mount this Secret as a volume, and verify the secret data is accessible inside the pod.

📋 What You'll Learn

Create a Secret named db-secret with keys username and password and exact values admin and p@ssw0rd

Create a pod named secret-demo-pod that mounts the db-secret as a volume at /etc/secret-volume

Verify the secret files username and password exist inside the pod and contain the correct values

💡 Why This Matters

🌍 Real World

Kubernetes Secrets are used to store sensitive information like passwords, tokens, and keys securely. Mounting them as volumes allows applications to read secrets as files without exposing them in environment variables or code.

💼 Career

Understanding how to manage secrets securely in Kubernetes is essential for DevOps engineers and cloud-native developers to protect sensitive data and comply with security best practices.

Progress0 / 4 steps

Create the Kubernetes Secret

Create a Kubernetes Secret named db-secret with the exact key-value pairs: username: admin and password: p@ssw0rd using a YAML manifest.

Kubernetes

# Write the YAML manifest for the Secret named db-secret
# with keys username and password
# Your code here

Need a hint?

Use base64 encoding for the values: 'admin' -> 'YWRtaW4=', 'p@ssw0rd' -> 'cEBzc3cwcmQ='

Add volume configuration to the pod

Create a pod named secret-demo-pod that mounts the Secret db-secret as a volume named secret-volume at the path /etc/secret-volume inside the container. Use the image busybox and command sleep 3600.

Kubernetes

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=
  password: cEBzc3cwcmQ=

# Add pod manifest below
# Your code here

Need a hint?

Mount the secret as a volume inside the container under /etc/secret-volume.

Verify secret files inside the pod

Use kubectl exec to run cat /etc/secret-volume/username and cat /etc/secret-volume/password inside the pod secret-demo-pod to verify the secret values are accessible.

Kubernetes

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=
  password: cEBzc3cwcmQ=
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-demo-pod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["sleep", "3600"]
    volumeMounts:
    - name: secret-volume
      mountPath: "/etc/secret-volume"
      readOnly: true
  volumes:
  - name: secret-volume
    secret:
      secretName: db-secret

# Run kubectl exec commands below
# Your code here

Need a hint?

Use kubectl exec with the pod name and cat command to read secret files.

Display the secret values

Print the output of the commands kubectl exec secret-demo-pod -- cat /etc/secret-volume/username and kubectl exec secret-demo-pod -- cat /etc/secret-volume/password to show the secret values admin and p@ssw0rd respectively.

Kubernetes

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=
  password: cEBzc3cwcmQ=
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-demo-pod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["sleep", "3600"]
    volumeMounts:
    - name: secret-volume
      mountPath: "/etc/secret-volume"
      readOnly: true
  volumes:
  - name: secret-volume
    secret:
      secretName: db-secret

# Print the secret values below
# Your code here

Need a hint?

Print the exact secret values as output.