Bird
0
0

Which of the following is the correct way to enable Secrets encryption at rest in Kubernetes EncryptionConfiguration file?

easy📝 Configuration Q12 of 15
Kubernetes - RBAC and Security
Which of the following is the correct way to enable Secrets encryption at rest in Kubernetes EncryptionConfiguration file?
AapiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - resources: - secrets providers: - aescbc: keys: - name: key1 secret: <base64-encoded-key> - identity: {}
BapiVersion: v1 kind: Secret metadata: name: encryption-config stringData: key: <base64-encoded-key>
CapiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - secrets providers: - identity: {} - aescbc: keys: - name: key1 secret: <base64-encoded-key>
DapiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfig resources: - secrets - aescbc: keys: - name: key1 secret: <base64-encoded-key>
Step-by-Step Solution
Solution:

  1. Step 1: Review the correct structure of EncryptionConfiguration

    The file must have apiVersion, kind, and a resources list with nested resources and providers. The providers list includes encryption methods like aescbc and identity.

  2. Step 2: Compare options for correct YAML syntax and structure

    apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - secrets providers: - identity: {} - aescbc: keys: - name: key1 secret: correctly nests resources and providers, uses aescbc with keys, and includes identity as fallback. apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - resources: - secrets providers: - aescbc: keys: - name: key1 secret: - identity: {} incorrectly nests 'resources' under 'resources'. Others have syntax errors or wrong kind names.

  3. Final Answer:

    apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - secrets providers: - identity: {} - aescbc: keys: - name: key1 secret: -> Option C

  4. Quick Check:

    Correct YAML structure = apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - secrets providers: - identity: {} - aescbc: keys: - name: key1 secret: [OK]
Quick Trick: Look for 'resources' as a list of resource names and 'providers' as a list of encryption methods [OK]
Common Mistakes:
  • Using wrong kind name like EncryptionConfig instead of EncryptionConfiguration
  • Incorrect YAML indentation or missing nested keys
  • Placing keys outside the providers list
  • Nesting 'resources' under 'resources' incorrectly

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
Helm Package Manager - Adding chart repositories - Quiz 9hard Monitoring and Logging - Alerting with Prometheus Alertmanager - Quiz 8hard Operators and Custom Resources - Operator SDK basics - Quiz 4medium Operators and Custom Resources - Operator pattern overview - Quiz 3easy Operators and Custom Resources - OperatorHub for community operators - Quiz 1easy Operators and Custom Resources - OperatorHub for community operators - Quiz 5medium Production Best Practices - Why production readiness matters - Quiz 1easy Production Best Practices - Why production readiness matters - Quiz 9hard RBAC and Security - Pod security standards - Quiz 8hard RBAC and Security - Image security scanning - Quiz 7medium