Answer-first summary for fast verification
Answer: Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.
Google recommends using Workload Identity for secure and efficient access to Google Cloud services from GKE. Workload Identity allows Kubernetes service accounts to impersonate Google service accounts, eliminating the need for static JSON keys (which pose security risks). Option D correctly implements this by configuring Workload Identity to link the Kubernetes service account with the Google service account, ensuring secure authentication without exposing keys. Other options (A, B, C) involve storing or accessing JSON keys, which are less secure and not aligned with Google's best practices.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As a developer working with a Go application in a production Google Kubernetes Engine (GKE) cluster, you need to implement a new feature requiring BigQuery access. How can you securely grant this access to your GKE cluster while adhering to Google's recommended best practices?
A
Create a Google service account with BigQuery access. Add the JSON key to Secret Manager, and use the Go client library to access the JSON key.
B
Create a Google service account with BigQuery access. Add the Google service account JSON key as a Kubernetes secret, and configure the application to use this secret.
C
Create a Google service account with BigQuery access. Add the Google service account JSON key to Secret Manager, and use an init container to access the secret for the application to use.
D
Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.
No comments yet.