Topic 1 Question 59
A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE). How should the DevOps team accomplish this?
A. Use Puppet or Chef to push out the patch to the running container.
B. Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.
C. Update the application code or apply a patch, build a new image, and redeploy it.
D. Configure containers to automatically upgrade when the base image is available in Container Registry.
Comments (17)
https://cloud.google.com/containers/security Containers are meant to be immutable, so you deploy a new image in order to make changes. You can simplify patch management by rebuilding your images regularly, so the patch is picked up the next time a container is deployed. Get the full picture of your environment with regular image security reviews. C is better
👍 13 TNT87 2021/02/08 Ans: C
👍 6 DebasishLowes 2021/03/23 It's actually B. Patching a vulnerability involves upgrading to a new GKE or Anthos version number. GKE and Anthos versions include versioned components for the operating system, Kubernetes components, and other containers that make up the Anthos platform. Fixing some vulnerabilities requires only a control plane upgrade, performed automatically by Google on GKE, while others require both control plane and node upgrades.
To keep clusters patched and hardened against vulnerabilities of all severities, we recommend using node auto-upgrade on GKE (on by default). On other Anthos platforms, Google recommends upgrading your Anthos components at least monthly.
Ref: https://cloud.google.com/kubernetes-engine/docs/resources/security-patching
👍 4 Rhehehe 2021/12/22