New Year Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

You are designing a new multi-tenant Google Kubernetes Engine (GKE) cluster for a customer.

Google Professional-Cloud-DevOps-Engineer Full Course Access
Google Professional-Cloud-DevOps-Engineer View All Questions

You are designing a new multi-tenant Google Kubernetes Engine (GKE) cluster for a customer. Your customer is concerned with the risks associated with long-lived credentials use. The customer requires that each GKE workload has the minimum Identity and Access Management (IAM) permissions set following the principle of least privilege (PoLP). You need to design an IAM impersonation solution while following Google-recommended practices. What should you do?

A.

Create a Google service account.

Create a Kubernetes service account in a Workload Identity-enabled cluster.

Link the Google service account with the Kubernetes service account by using the roles/iam.workloadIdentityUser role and iam.gke.io/gcp-service-account annotation.

Map the Kubernetes service account to the workload.

Repeat for each workload.

B.

Create a Google service account.

Create a node pool, and set the Google service account as the default identity.

Ensure that workloads can only run on the designated node pool by using node selectors, taints, and tolerations.

Repeat for each workload.

C.

Create a Google service account.

Create a service account key for the Google service account.

Create a Kubernetes secret with a service account key.

Ensure that workload mounts the secret and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point at the mount path.

Repeat for each workload.

D.

Create a Google service account.

Create a node pool without taints, and set the Google service account as the default identity.

Grant IAM permissions to the Google service account.

Professional-Cloud-DevOps-Engineer PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now Professional-Cloud-DevOps-Engineer pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
Your company follows Site Reliability Engineering principles.
You support a user-facing web application.
Previous