Complete the command to create a secret named mysecret with a key called password.
kubectl create secret generic mysecret --from-literal=[1]=mypassword
The key for the secret data is usually descriptive; here 'password' fits the example.
Complete the command to view the secret data in base64 encoding.
kubectl get secret mysecret -o [1]
The jsonpath option extracts the base64-encoded value of the password key.
Fix the error in the command to decode the secret password value.
kubectl get secret mysecret -o jsonpath='{.data.password}' | [1] -d
The 'base64 -d' command decodes the base64 encoded secret value.
Fill both blanks to enable encryption of secrets at rest in Kubernetes.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - [1]:
          keys:
            - name: key1
              [2]: <base64-encoded-key>
'aescbc' is a common encryption provider and 'key' is the field for the encryption key.
Fill all three blanks to patch the API server manifest to enable encryption.
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --encryption-provider-config=[1]
    - --authorization-mode=[2]
    - --enable-admission-plugins=[3]
The encryption config file path is set, RBAC and NodeRestriction are common authorization and admission plugins, and Encryption admission plugin is enabled.