Topic 1 Question 230
Your application is running as a container in a Google Kubernetes Engine cluster. You need to add a secret to your application using a secure approach. What should you do?
A. Create a Kubernetes Secret, and pass the Secret as an environment variable to the container.
B. Enable Application-layer Secret Encryption on the cluster using a Cloud Key Management Service (KMS) key.
C. Store the credential in Cloud KMS. Create a Google service account (GSA) to read the credential from Cloud KMS. Export the GSA as a .json file, and pass the .json file to the container as a volume which can read the credential from Cloud KMS.
D. Store the credential in Secret Manager. Create a Google service account (GSA) to read the credential from Secret Manager. Create a Kubernetes service account (KSA) to run the container. Use Workload Identity to configure your KSA to act as a GSA.
Comments (5)
- Selected answer: D
  A is not correct because a Kubernetes Secret only encodes the string, and anyone who can read the secret will be able to decode it.
  👍 3 mrvergara 2023/02/12
- D is the best answer: You should not store secrets in k8s secrets: https://kubernetes.io/docs/concepts/configuration/secret/ They are for environment variables.
  👍 2 rich_maverick 2023/02/06
- Selected answer: D
  👍 2 Pime13 2023/02/19
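
An added example, not part of the original question or its comments: a short Python check over Kubernetes manifests (given as dicts) that shows the point raised about option A, that Secret data is base64 and decodes directly, and flags the patterns in options A and C while passing the Workload Identity setup in option D. All manifest names and values are constructed, and detecting an exported key through `GOOGLE_APPLICATION_CREDENTIALS` is an assumption of this sketch.

```python
import base64

# Annotation that GKE Workload Identity reads on a Kubernetes service account (KSA).
WI_ANNOTATION = "iam.gke.io/gcp-service-account"

def decode_secret(secret):
    """Secret .data values are base64-encoded, not encrypted, so they decode directly."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}

def audit(pod, ksas):
    """Return findings for a Pod manifest; ksas maps KSA name -> ServiceAccount manifest."""
    findings = []
    spec = pod["spec"]
    for c in spec.get("containers", []):
        for env in c.get("env", []):
            if "secretKeyRef" in env.get("valueFrom", {}):
                findings.append(f"{c['name']}: env {env['name']} is filled from a Kubernetes Secret")
            # Assumption: an exported GSA key file is located through this variable.
            if env["name"] == "GOOGLE_APPLICATION_CREDENTIALS":
                findings.append(f"{c['name']}: uses an exported service account key file")
    ksa = ksas.get(spec.get("serviceAccountName", "default"), {})
    if WI_ANNOTATION not in ksa.get("metadata", {}).get("annotations", {}):
        findings.append("pod's KSA is not mapped to a GSA with Workload Identity")
    return findings

# Constructed sample manifests (all names and values are made up for this example).
SECRET = {"kind": "Secret", "metadata": {"name": "db"},
          "data": {"password": base64.b64encode(b"example-password").decode()}}
KSAS = {
    "default": {"metadata": {"name": "default"}},
    "app-ksa": {"metadata": {"name": "app-ksa", "annotations": {
        WI_ANNOTATION: "app-gsa@example-project.iam.gserviceaccount.com"}}},
}
POD_A = {"spec": {"containers": [{"name": "app", "env": [
    {"name": "DB_PASSWORD",
     "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}]}]}}
POD_C = {"spec": {"containers": [{"name": "app", "env": [
    {"name": "GOOGLE_APPLICATION_CREDENTIALS", "value": "/var/keys/gsa.json"}]}]}}
POD_D = {"spec": {"serviceAccountName": "app-ksa", "containers": [{"name": "app"}]}}

if __name__ == "__main__":
    print(decode_secret(SECRET))
    for name, pod in (("A", POD_A), ("C", POD_C), ("D", POD_D)):
        print(name, audit(pod, KSAS) or "no findings")
```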