Bird
0
0

After configuring encryption for Kubernetes Secrets, you still find unencrypted Secrets in etcd. What is the most probable reason?

medium📝 Troubleshoot Q6 of 15
Kubernetes - Secrets
After configuring encryption for Kubernetes Secrets, you still find unencrypted Secrets in etcd. What is the most probable reason?
AThe etcd database automatically decrypts Secrets on storage
BSecrets are always stored encrypted regardless of configuration
CThe encryption provider configuration was not applied to the API server
DThe kubelet encrypts Secrets before sending them to etcd
Step-by-Step Solution
Solution:

  1. Step 1: Verify Encryption Configuration

    Check if the EncryptionConfiguration file is correctly referenced in the API server startup parameters.

  2. Step 2: Confirm API Server Restart

    Ensure the API server has been restarted after applying the encryption config to load the changes.

  3. Final Answer:

    The encryption provider configuration was not applied to the API server -> Option C

  4. Quick Check:

    Encryption config must be active in API server flags [OK]
Quick Trick: Encryption config must be loaded by API server [OK]
Common Mistakes:
  • Assuming etcd encrypts Secrets automatically
  • Believing kubelet handles encryption before storage
  • Thinking Secrets are encrypted by default without config

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
ConfigMaps - Creating ConfigMaps from files - Quiz 8hard Health Checks and Probes - Liveness probe concept - Quiz 1easy Health Checks and Probes - HTTP probe configuration - Quiz 13medium Health Checks and Probes - Readiness probe concept - Quiz 6medium Ingress - Ingress controllers (Nginx, Traefik) - Quiz 9hard Networking - Pod-to-Pod communication - Quiz 1easy Resource Management - CPU requests and limits - Quiz 2easy Resource Management - Horizontal Pod Autoscaler - Quiz 6medium Resource Management - CPU requests and limits - Quiz 12easy Secrets - External secret management integration - Quiz 12easy