You manage an application deployed on GKE clusters across multiple environments, using Cloud Build for user acceptance testing (UAT). Cloud Build is integrated with Artifact Analysis, and the Binary Authorization API is enabled in all relevant Google Cloud projects. To ensure only container images that pass specific UAT tests are deployed to production, and given that an attestor is already created, what are the next steps you should take?

Exam-Like

After the UAT phase, sign the attestation with a key stored as a Kubernetes secret. Add a GKE cluster-specific rule in Binary Authorization for the UAT Google Cloud project.

4.8%

After the UAT phase, sign the attestation with a key stored as a Kubernetes secret. Add a GKE cluster-specific rule in Binary Authorization for the production Google Cloud project policy.

14.3%

After the UAT phase, sign the attestation with a key stored in Cloud Key Management Service (KMS). Add a default rule in Binary Authorization for the UAT Google Cloud project.

14.3%

After the UAT phase, sign the attestation with a key stored in Cloud Key Management Service (KMS). Add a GKE cluster-specific rule in Binary Authorization for the production Google Cloud project policy.

66.7%

Google Professional Cloud Developer

Get started today

Comments