Problem Statement
Your Kubernetes cluster’s etcd was exposed due to mis-configuration and data was potentially accessed by an unauthorised actor. What immediate actions do you take, how do you assess impact and how do you restore a secure state? What long-term changes do you make to prevent recurrence?
Explanation
First I would isolate the cluster by revoking external access and restricting API server endpoints. I’d immediately rotate all secrets, certificates and credentials, restore etcd from a clean snapshot before the exposure, and audit logs to identify what was accessed. I would inform stakeholders, potentially initiate compliance/legal review if sensitive data was exposed. For long term I’d enforce encryption at rest, restrict etcd access to control-plane nodes, apply RBAC least-privilege, enable audit logs and integrate a secrets-management system. These response steps reflect a senior operational mindset expected in high-stakes interviews.
