Answer-first summary for fast verification
Answer: Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
The correct answer is C. Configuring binary authorization policies for the development, staging, and production clusters and creating attestations as part of the continuous integration pipeline ensures that only approved images that have been tested in development and staging can be deployed to production. Binary authorization is a feature of Google Kubernetes Engine that enforces policies on container images, ensuring compliance with the required deployment process and preventing the bypass of development and staging environments.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. This application is deployed across separate clusters for development, staging, and production environments. Recently, it was discovered that the team is able to bypass the development and staging environments and deploy a Docker image directly to the production cluster. While you want to maintain the team's autonomy, you need to enforce a process where deployments must be tested in the development and staging environments before reaching production. You are looking for a Google Cloud solution that can be implemented quickly and requires minimal effort. What should you do?
A
Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment.
B
Implement a corporate policy to prevent teams from deploying Docker images to an environment unless the Docker image was tested in an earlier environment.
C
Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
D
Create a Kubernetes admissions controller to prevent the container from starting if it is not approved for usage in the given environment.
No comments yet.