Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
As part of developing a new product using Google Kubernetes Engine (GKE), you have set up a single GKE cluster. Within this cluster, you run individual Pods for each of your customers, allowing them to execute arbitrary code inside their respective Pods. Your goal is to ensure maximum isolation between the different customer Pods to maintain a high level of security and prevent interference between them. What measures should you implement to achieve this level of isolation?
A
Use Binary Authorization and whitelist only the container images used by your customers' Pods.
B
Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
C
Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
D
Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.