Answer-first summary for fast verification
Answer: Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
The correct answer is B. Google-recommended practices suggest using Kubernetes Secrets to store sensitive data like passwords. Storing such data inside a ConfigMap, Docker image, or a file within a persistent volume is not secure. Secrets are designed to store sensitive information and are encrypted, ensuring that your database password remains secure. Hence, you should store the database password inside a Secret object and modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have deployed a microservice named 'myapp1' within a Google Kubernetes Engine (GKE) cluster utilizing the provided YAML configuration file. Currently, the database password is stored in plain text within this configuration. To adhere to Google-recommended best practices for security, you need to refactor this YAML configuration to ensure that the database password is not stored in plain text. How should you proceed?
A
Store the database password inside the Docker image of the container, not in the YAML file.
B
Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
C
Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.
D
Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.
No comments yet.