Question 8
Kubernetes FundamentalsYou need to provide a database password to a pod. Which object is most appropriate?
Correct answer: B
Explanation
A Secret is designed to store sensitive data such as passwords, tokens, and keys. Kubernetes uses Secrets to keep confidential values separate from pod specs, so a database password should be provided through a Secret rather than a plain ConfigMap or hardcoded value.
Why each option is right or wrong
A. ConfigMap
B. Secret
Kubernetes Secrets are the dedicated API object for sensitive values such as passwords, tokens, and keys, as defined in the Kubernetes documentation and API model for `v1/Secret`. A Secret stores data as base64-encoded fields and is intended to be mounted into a Pod or exposed as environment variables without embedding the credential directly in the Pod spec, which is why a database password belongs there rather than in a non-sensitive configuration object.
C. A plain env var in the pod spec
D. PersistentVolume