CKS Exam Series #2 Pods, Secrets and ServiceAccounts
Kubernetes CKS Example Exam Question Series

#####################################
THIS CHALLENGE WON’T BE UPDATED HERE AND HAS MOVED TO:
https://killercoda.com/killer-shell-cks
######################################
Content
- Create Cluster & Security Best Practices
- Pods, Secrets and ServiceAccounts
- Immutable Pods
- Crash that Apiserver & check logs
- ImagePolicyWebhook / AdmissionController
- Users and CertificateSigningRequests
- ServiceAccount Token Mounting
- Role Based Access Control (RBAC)
- Role Based Access Control (RBAC) v2
- Container Hardening
- NetworkPolicies (Default Deny + Allowlist)
Rules!
- Be fast, avoid creating yaml manually from scratch
- Use only kubernetes.io/docs for help.
- Check our solution after you did yours. You probably have a better one!
Today's Task: Pod with ServiceAccount uses Secrets
- Create new Namespace ns-secure and perform everything else in there
- Create ServiceAccount secret-manager
- Create Secret sec-a1 with any literal content of your choice
- Create Secret sec-a2 with any file content of your choice (like /etc/hosts)
- Create Pod secret-manager image nginx which uses the new SA
- Make Secret sec-a1 available as environment variable SEC_A1
- Mount Secret sec-a2 into the Pod read-only under /etc/sec-a2
- Verify your solution worked
Solution
To solve this we’re logged into our controlplane node cks-controlplane.
1.
alias k=kubectl
k create ns ns-secure
2.
k -n ns-secure create sa secret-manager
3.
k -n ns-secure create secret generic sec-a1 --from-literal user=admin
4.
k -n ns-secure create secret generic sec-a2 --from-file index=/etc/hosts
5. 6. 7.
k -n ns-secure run secret-manager --image=nginx -oyaml --dry-run=client > pod.yaml
Now edit the yaml to:
8.
And to verify:
k -f pod.yaml create
k -n ns-secure exec secret-manager -- env | grep SEC
k -n ns-secure exec secret-manager -- mount | grep sec
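The pod.yaml that steps 5 to 7 edit, written out as an added example rather than the author's own file: the Secret keys user and index come from the commands in steps 3 and 4, while the volume name sec-a2 and the explicit namespace field are assumptions.

```yaml
# Added example manifest, not the original post's file.
apiVersion: v1
kind: Pod
metadata:
  name: secret-manager
  # Assumption: set explicitly, because the verify step runs
  # "k -f pod.yaml create" without -n and would otherwise use the
  # current default namespace.
  namespace: ns-secure
  labels:
    run: secret-manager
spec:
  # Step 5: run the Pod under the new ServiceAccount instead of "default".
  serviceAccountName: secret-manager
  containers:
  - name: secret-manager
    image: nginx
    env:
    # Step 6: expose one key of sec-a1 as the environment variable SEC_A1.
    - name: SEC_A1
      valueFrom:
        secretKeyRef:
          name: sec-a1
          key: user          # key created with --from-literal user=admin
    volumeMounts:
    # Step 7: mount sec-a2 read-only; each key becomes a file,
    # so the content of /etc/hosts appears as /etc/sec-a2/index.
    - name: sec-a2           # assumed volume name, must match volumes[].name
      mountPath: /etc/sec-a2
      readOnly: true
  volumes:
  - name: sec-a2
    secret:
      secretName: sec-a2
  dnsPolicy: ClusterFirst
  restartPolicy: Always
```

If the Pod stays in ContainerCreating, k -n ns-secure describe pod secret-manager shows whether a Secret name or key in the manifest does not match what steps 3 and 4 created.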
You have a different solution?
Let us know by writing a comment below!
— — — The END — — —
So much for this session. See you at the next one and happy learning!