Topic 1 Question 93
2 つ選択You are creating a CI/CD pipeline to perform Terraform deployments of Google Cloud resources. Your CI/CD tooling is running in Google Kubernetes Engine (GKE) and uses an ephemeral Pod for each pipeline run. You must ensure that the pipelines that run in the Pods have the appropriate Identity and Access Management (IAM) permissions to perform the Terraform deployments. You want to follow Google-recommended practices for identity management. What should you do?
Create a new Kubernetes service account, and assign the service account to the Pods. Use Workload Identity to authenticate as the Google service account.
Create a new JSON service account key for the Google service account, store the key as a Kubernetes secret, inject the key into the Pods, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Create a new Google service account, and assign the appropriate IAM permissions.
Create a new JSON service account key for the Google service account, store the key in the secret management store for the CI/CD tool, and configure Terraform to use this key for authentication.
Assign the appropriate IAM permissions to the Google service account associated with the Compute Engine VM instances that run the Pods.
ユーザの投票
コメント(7)
I think is A, C Workload Identity is the recommended way to authenticate to Google Cloud services from GKE. reference: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
👍 4ldgomez2023/10/22- 正解だと思う選択肢: AC
I would go with A,C
👍 3Jason_Cloud_at2023/10/25 - 正解だと思う選択肢: AC
A.for the pod to authenticate as service account with the necessary permissions without handling keys C.to perform operations on google cloud ressources
👍 3khoukha2023/11/01
シャッフルモード