Question 5 - Linux CKS Real Exam Questions [Jan 2026 Update]

Q: 5

a. Retrieve the content of the existing secret named default-token-xxxxx in the testing namespace. Store the value of the token in the token.txt b. Create a new secret named test-db-secret in the DB namespace with the following content: username: mysql password: password@123 Create the Pod name test-db-pod of image nginx in the namespace db that can access test-db-secret via a volume at path /etc/mysql-credentials

Your Answer

Correct Answer:

1. EXTRACT SERVICE-ACCOUNT TOKEN KUBECTL -N TESTING GET SECRET $(KUBECTL -N TESTING GET SA DEFAULT -O JSONPATH='{.SECRETS0.NAME}') \ -O JSONPATH='{.DATA.TOKEN}' | BASE64 -D > TOKEN.TXT 2. CREATE THE SECRET IN NAMESPACE DB KUBECTL -N DB CREATE SECRET GENERIC TEST-DB-SECRET \ --FROM-LITERAL=USERNAME=MYSQL \ --FROM-LITERAL=PASSWORD=PASSWORD@123 3. POD MANIFEST (SAVE AS TEST-DB-POD.YAML AND APPLY) YAML APIVERSION: V1 KIND: POD METADATA: NAME: TEST-DB-POD NAMESPACE: DB SPEC: CONTAINERS: - NAME: NGINX IMAGE: NGINX VOLUMEMOUNTS: - NAME: MYSQL-CREDS MOUNTPATH: /ETC/MYSQL-CREDENTIALS READONLY: TRUE VOLUMES: - NAME: MYSQL-CREDS SECRET: SECRETNAME: TEST-DB-SECRET KUBECTL APPLY -F TEST-DB-POD.YAML

Explanation

The first command fetches the name of the default service-account secret in the testing namespace, selects its base-64-encoded token field, decodes it, and saves it to token.txt. The create secret command places the required key/value pairs into a namespaced secret called test-db-secret. The Pod manifest mounts that secret as a volume, ensuring the nginx container can read the credentials from /etc/mysql-credentials as individual files (username, password) with default permissions. All steps follow Kubernetes’ documented methods for reading existing secrets, creating new secrets from literals, and consuming them as volumes inside Pods.

Why Incorrect

(No alternative options were supplied in the prompt.)

References

1. Kubernetes Documentation

“Accessing API from a Pod

” Example: extracting SA token

v1.28

Section: Accessing the cluster

step 2.

https://kubernetes.io/docs/tasks/configure-pod-container/access-cluster/#accessing-the-api-from-a-pod

2. Kubernetes Documentation

“Secrets

” v1.28

Section: Creating a Secret Using kubectl command line.

https://kubernetes.io/docs/concepts/configuration/secret/#creating-a-secret

3. Kubernetes Documentation

“Using Secrets as files from a Pod

” v1.28

Section: Consuming Secrets.

https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE