After updating the encryption config to add a new key, you notice Secrets are still stored unencrypted. What might be wrong?

medium📝 Troubleshoot Q7 of 15

Kubernetes - RBAC and Security

AThe etcd cluster is not reachable.

BThe kube-apiserver was not restarted after config change.

CThe encryption config file has incorrect YAML syntax.

DThe new key is listed after the identity provider.

Step-by-Step Solution

Solution:

Step 1: Recognize kube-apiserver reload requirement
Changes to encryption config require kube-apiserver restart to take effect.
Step 2: Confirm other options
While config syntax and etcd connectivity matter, the most common cause is no restart.
Final Answer:
The kube-apiserver was not restarted after config change. -> Option B
Quick Check:
Restart kube-apiserver after encryption config update [OK]

Quick Trick: Always restart kube-apiserver after changing encryption config. [OK]

Common Mistakes:

Master "RBAC and Security" in Kubernetes

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More Kubernetes Quizzes