PROFESSIONAL-CLOUD-DEVOPS-ENGINEER · Question #115
PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #115: Real Exam Question with Answer & Explanation
The correct answer is B: Store the credentials as a Kubernetes Secret and let the application access it via environment. A is incorrect because it would produce an insecure artifact, which anyone could run without going through proper RBAC channels. B is correct because it enables secrets usage without needing to modify the code per environment, update build pipelines, or store secrets insecurely.
Question
You are deploying an application to a Kubernetes cluster that requires a username and password to connect to another service. When you deploy the application, you want to ensure that the credentials are used securely in multiple environments with minimal code changes. What should you do?
Options
- ABundle the credentials with the code inside the container and secure the container registry.
- BStore the credentials as a Kubernetes Secret and let the application access it via environment
- CLeverage a CI/CD pipeline to update the variables at build time and inject them into a templated
- DStore the credentials as a Kubernetes ConfigMap and let the application access it via
Explanation
A is incorrect because it would produce an insecure artifact, which anyone could run without going through proper RBAC channels. B is correct because it enables secrets usage without needing to modify the code per environment, update build pipelines, or store secrets insecurely. C is incorrect because it requires modification of deployment code per environment, which will produce an insecure intermediary artifact. D is incorrect because it will expose the parameters in an insecure fashion and would require changing deployment code for every environment. https://kubernetes.io/docs/concepts/configuration/secret/
Topics
Community Discussion
No community discussion yet for this question.