You need to create a Pod that mounts a Secret named 'mysecret' as an environment variable 'SECRET_DATA'. The secret has a key 'password'. Which YAML snippet correctly achieves this?
Correct. `secretKeyRef` uses `name` for the secret and `key` for the key within the secret.
Why this answer
Option B is correct because it uses the `secretKeyRef` field under `valueFrom` to reference a specific key from a Secret named 'mysecret' and inject its value into the environment variable `SECRET_DATA`. This is the standard Kubernetes syntax for exposing a Secret's key-value pair as an environment variable.
Exam trap
The trap here is that candidates often confuse `configMapKeyRef` with `secretKeyRef` or swap the `name` and `key` fields, leading them to pick options that either reference the wrong resource type or misorder the required fields.
How to eliminate wrong answers
Option A is wrong because it uses `configMapKeyRef` instead of `secretKeyRef`; ConfigMaps are for non-sensitive data, while Secrets require `secretKeyRef`. Option C is wrong because it swaps the `name` and `key` fields: `name` should be the Secret's name ('mysecret'), and `key` should be the key within that Secret ('password'). Option D is wrong because it mounts the Secret as a file via a volume rather than as an environment variable, so it does not meet the requirement to expose the value as `SECRET_DATA`.