CKAD 2026 EXAM PRACTICE # Q05 | Kubernetes Secrets to Environment Variables

This video covers a complete, practical walkthrough of how to read Kubernetes Secret values as environment variables inside a Pod. The entire demo is built inside a dedicated namespace called neo-lab, and every step is shown in a clean, simple way so learners can follow without confusion.

This is one of the key concepts for both CKAD and CKA exam preparation. It also applies directly to real production clusters, where applications commonly load credentials, tokens, database users, and API keys through environment variables instead of hardcoding them inside container images.

What you will learn in this video

• How Secrets work in Kubernetes
• How to create a namespace for isolation
• How to create a Secret with literal values (dbuser, dbtoken)
• How to write a simple Pod YAML that consumes those values
• How secretKeyRef injects Secret data into env:
• How to exec into the running Pod and verify the variables
• How to troubleshoot common mistakes like wrong key names, wrong namespace, or typos

Everything is explained in a natural and simple style so even beginners can understand it without feeling overwhelmed.

Steps covered in the demo
Step 1: Create namespace neo-lab

We start by creating a dedicated namespace to organize everything related to the lab. This prevents mixing resources from other scenarios and matches how Kubernetes exam environments are normally structured.

Step 2: Create the Secret neo-db-secret

We build a simple Secret with two key/value pairs:

dbuser = neokloud

dbtoken = N3o@Secure!55

These values are stored securely by Kubernetes, base64-encoded in the Secret manifest, but visible in plain form when consumed by containers.

Step 3: Create the Pod neo-env-pod

A lightweight BusyBox container is used to keep things simple. The container runs a long sleep command so you can connect into it anytime. The Secret values are exposed inside the Pod as environment variables using:

APP_USER

APP_TOKEN

This demonstrates how applications normally receive sensitive information securely.

Step 4: Verify inside the Pod

By opening a shell inside the Pod, we inspect both environment variables and confirm that the Secret data was injected correctly. This is one of the fastest, safest, and cleanest ways to demonstrate Kubernetes Secret consumption.

YAML and Commands Shown in the Video
Namespace
kubectl create namespace neo-lab

Secret
kubectl create secret generic neo-db-secret \
-n neo-lab \
--from-literal=dbuser=neokloud \
--from-literal=dbtoken='N3o@Secure!55'

Pod YAML (neo-env-pod)
apiVersion: v1
kind: Pod
metadata:
name: neo-env-pod
namespace: neo-lab
spec:
containers:
- name: busybox
image: busybox
command: ["sh", "-c", "sleep 4000"]
env:
- name: APP_USER
valueFrom:
secretKeyRef:
name: neo-db-secret
key: dbuser
- name: APP_TOKEN
valueFrom:
secretKeyRef:
name: neo-db-secret
key: dbtoken

Apply Pod
kubectl apply -f pod.yaml

Verify values
kubectl -n neo-lab exec -it neo-env-pod -- sh
echo $APP_USER
echo $APP_TOKEN

Who is this video for?

This session is ideal for:

• Beginners learning Kubernetes for the first time
• CKAD and CKA aspirants who require exam-style clarity
• Developers deploying applications with sensitive credentials
• Trainers who want simple and clean explanations for classroom use
• Anyone learning how Kubernetes manages Secrets securely

Additional learning suggestions

If you're preparing for exams or teaching Kubernetes, consider practicing scenarios such as:
• Secrets mounted as volumes
• ConfigMaps combined with Secrets
• Environment variables with valueFrom
• Pod restarts and how Secrets behave
• Multi-container Pods using shared Secrets

Видео CKAD 2026 EXAM PRACTICE # Q05 | Kubernetes Secrets to Environment Variables канала NeoKloud