You are deploying an application to a Kubernetes cluster that requires a username and password to connect to another service. When you deploy the application, you want to ensure that the credentials are used securely in multiple environments with minimal code changes. What should you do?
A. Bundle the credentials with the code inside the container and secure the container registry.
B. Store the credentials as a Kubernetes Secret and let the application access it via environment variables at runtime.
C. Leverage a CI/CD pipeline to update the variables at build time and inject them into a templated Kubernetes application manifest.
D. Store the credentials as a Kubernetes ConfigMap and let the application access it via environment variables at runtime.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
B
Explanation
A. Bundle the credentials with the code inside the container and secure the container registry.
(Code is checked into a repository. So, username and password will be exposed to everyone and causing a vulnerability threat. Not recommended at all.)
B. Store the credentials as a Kubernetes Secret and let the application access it via environment variables at runtime.
C. Leverage a CI/CD pipeline to update the variables at build time and inject them into a templated Kubernetes application manifest.
(Manifests are plain text yaml files. This exposes all the credentials.)
D. Store the credentials as a Kubernetes ConfigMap and let the application access it via environment variables at runtime.
(ConfigMaps are stored as plain text. This expose credentials.)