Topic 1 Question 149
You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?
Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.
Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.
Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.
Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).
ユーザの投票
コメント(5)
- 正解だと思う選択肢: C👍 3koo_kai2023/10/28
- 正解だと思う選択肢: C
"you're configuring your CI/CD pipeline natively on Google Cloud", natively hints to use workload identity which is similar to ec2 instance profile.
👍 2lelele20232023/11/01 - 正解だと思う選択肢: C
Workload Identity allows workloads in your GKE clusters to impersonate Identity and Access Management (IAM) service accounts to access Google Cloud services. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
👍 2mshafa2023/11/05
シャッフルモード