Explanation:
The correct answer is D because Kubernetes provides the Secret resource type specifically for storing and managing sensitive information, such as passwords and OAuth tokens, in a secure manner. This approach is safer and more flexible than hardcoding credentials in Pod definitions or container images.
Ultimate access to all questions.
No comments yet.
In a Kubernetes Engine deployment, your engineers have hardcoded database credentials in the YAML configuration as shown below. What is Google's recommended best practice for handling sensitive information like this in Kubernetes?
apiVersion: "extensions/v1beta1"
kind: "Deployment"
metadata:
name: "products-service"
namespace: "default"
labels:
app: "products-service"
spec:
replicas: 3
selector:
matchLabels:
app: "products-service"
template:
metadata:
labels:
app: "products-service"
spec:
containers:
- name: "products"
image: "gcr.io/find-seller-app-dev/products:latest"
env:
- name: "database_user"
value: "admin"
- name: "database_password"
value: "TheB3stP@ssW0rd"
apiVersion: "extensions/v1beta1"
kind: "Deployment"
metadata:
name: "products-service"
namespace: "default"
labels:
app: "products-service"
spec:
replicas: 3
selector:
matchLabels:
app: "products-service"
template:
metadata:
labels:
app: "products-service"
spec:
containers:
- name: "products"
image: "gcr.io/find-seller-app-dev/products:latest"
env:
- name: "database_user"
value: "admin"
- name: "database_password"
value: "TheB3stP@ssW0rd"
A
Mount the credentials in a volume.
B
Store the credentials in a ConfigMap.
C
Use an environment variable.
D
Store the credentials in a Secret.