The Kubernetes API server is the central component of the control plane that exposes the Kubernetes API. It validates and processes requests, and it persists the state of all Kubernetes objects. For this persistence, it uses etcd, a consistent and highly-available key-value store. All cluster data, including configurations, specifications, and the state of objects like Pods, Services, and Secrets, is stored in etcd. Therefore, when a Secret is created, the API server stores it in the etcd data store.

A. secrets directory: This typically refers to the temporary directory on a worker node where a secret is mounted into a pod's filesystem, not the master's primary storage.

B. monit directory: monit is a third-party system monitoring tool and is not a native component of Kubernetes for storing cluster state or secrets.

C. kubelet directory: The kubelet is an agent on each worker node. Its directory stores node-specific information, not the centralized cluster-wide state managed by the API server.

1. Official Kubernetes Documentation

"Secrets": "Kubernetes Secrets let you store and manage sensitive information... Secrets are stored in your cluster's data store (etcd)."

Source: Kubernetes Authors. (n.d.). Secrets. Kubernetes Documentation. Retrieved from https://kubernetes.io/docs/concepts/configuration/secret/ (Section: "Secrets in Kubernetes").

2. Official Kubernetes Documentation

"Kubernetes Components": Describes etcd as the "Consistent and highly-available key-value store used as Kubernetes' backing store for all cluster data." This confirms its role as the single source of truth for the cluster.

Source: Kubernetes Authors. (n.d.). Kubernetes Components. Kubernetes Documentation. Retrieved from https://kubernetes.io/docs/concepts/overview/components/ (Section: "Control Plane Components"

subsection "etcd").

3. IBM Cloud Documentation

"Encrypting Kubernetes secrets": "By default

Kubernetes secrets are base64 encoded. When you enable a key management service (KMS) provider for your cluster

you encrypt the secrets in the etcd component of your Kubernetes master." This explicitly states that secrets reside in etcd.

Source: IBM Cloud Docs. (2023). Encrypting Kubernetes secrets. IBM Cloud. Retrieved from https://cloud.ibm.com/docs/containers?topic=containers-encryption (Paragraph 1).