Ultimate access to all questions.
Upgrade Now 🚀
Sign in to unlock AI tutor
To securely add a secret to your containerized application running in a Google Kubernetes Engine (GKE) cluster, what is the recommended approach?
A
Create a Kubernetes Secret, and pass the Secret as an environment variable to the container.
B
Enable Application-layer Secret Encryption on the cluster using a Cloud Key Management Service (KMS) key.
C
Store the credential in Cloud KMS. Create a Google service account (GSA) to read the credential from Cloud KMS. Export the GSA as a .json file, and pass the .json file to the container as a volume which can read the credential from Cloud KMS.
D
Store the credential in Secret Manager. Create a Google service account (GSA) to read the credential from Secret Manager. Create a Kubernetes service account (KSA) to run the container. Use Workload Identity to configure your KSA to act as a GSA.
