[Base64 (Encode & Decode)]
$ echo -n 'my-app' | base64
bXktYXBw
$ echo -n '39528$vdg7Jb' | base64
Mzk1MjgkdmRnN0pi

[Create the Secret]
$ kubectl apply -f Secret.yaml
$ kubectl apply -f https://k8s.io/examples/pods/inject/secret.yaml

[View information about the Secret]
$ kubectl get secret test-secret
NAME          TYPE      DATA      AGE
test-secret   Opaque    2         1m

[View more detailed information about the Secret]
$ kubectl describe secret test-secret

[Create a Secret directly with 'kubectl create secret' command]
$ kubectl create secret generic test-secret --from-literal='username=my-app' --from-literal='password=39528$vdg7Jb'

[Create the Pod]
$ kubectl apply -f pod-volume_1.yaml
$ kubectl apply -f pod-volume_2.yaml
$ kubectl apply -f https://k8s.io/examples/pods/inject/secret-pod.yaml

[Verify that your Pod is running]
$ kubectl get pod secret-test-pod
NAME              READY     STATUS    RESTARTS   AGE
secret-test-pod   1/1       Running   0          42m

[shell into the Container that is running in Pod]
The secret data is exposed to the Container through a Volume mounted under '/etc/secret-volume'.
In shell, list the files in the '/etc/secret-volume' directory.
$ kubectl exec -i -t secret-test-pod -- /bin/bash
.......># ls /etc/secret-volume
        password username
        # echo "$( cat /etc/secret-volume/username )"
        my-app
        # echo "$( cat /etc/secret-volume/password )"
        39528$vdg7Jb

[Create the Pod]
$ kubectl apply -f pod-volume_3.yaml

When deploy this Pod, the following happens:
The 'username' key from 'mysecret' is available to the container at the path '/etc/foo/my-group/my-username' instead of at '/etc/foo/username'.
The 'password' key from that Secret object is not projected.

[Create the Pod]
$ kubectl apply -f pod-volume_4.yaml

If don't specify any permissions, 0644 is used by default.
The Secret is mounted on '/etc/foo', all the files created by the secret volume mount have permission '0400'.

[Environment Variable using with single Secret]
$ kubectl create secret generic backend-user --from-literal=backend-username='backend-admin'

[Create the Pod]
$ kubectl create -f pod-env_1.yaml
$ kubectl create -f https://k8s.io/examples/pods/inject/pod-single-secret-env-variable.yaml

[shell, display the content of 'SECRET_USERNAME' container environment variable]
$ kubectl exec -i -t env-single-secret -- /bin/sh -c 'echo $SECRET_USERNAME'
backend-admin

[Environment Variable using with multiple Secrets]
$ kubectl create secret generic backend-user --from-literal=backend-username='backend-admin'
$ kubectl create secret generic db-user --from-literal=db-username='db-admin'

[Create the Pod]
$ kubectl create -f pod-env_2.yaml
$ kubectl create -f https://k8s.io/examples/pods/inject/pod-multiple-secret-env-variable.yaml

[shell, display the container environment variables]
$ kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME'
DB_USERNAME=db-admin
BACKEND_USERNAME=backend-admin

[Create a Secret containing multiple key-value pairs]
$ kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb'

[Create the Pod]
$ kubectl create -f pod-envFrom.yaml
$ kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml

[shell, display 'username' and 'password' container environment variables]
$ kubectl exec -i -t envfrom-secret -- /bin/sh -c 'echo "username: $username\npassword: $password\n"'
username: my-app
password: 39528$vdg7Jb

[Create a Secret directly with 'kubectl create secret' command]
$ kubectl create secret generic prod-db-secret --from-literal=username=produser --from-literal=password=Y4nys7f11
secret "prod-db-secret" created
$ kubectl create secret generic test-db-secret --from-literal=username=testuser --from-literal=password=iluvtests
secret "test-db-secret" created
$ kubectl create secret generic dev-db-secret --from-literal=username=devuser --from-literal=password='S!B\*d$zDsb='

[Create the Pod]
$ kubectl create -f pod.yaml
pod/prod-db-client-pod created
pod/test-db-client-pod created

Both containers will have the following files present on their filesystems with the values for each container's environment:
/etc/secret-volume/username
/etc/secret-volume/password
