
Answer-first summary for fast verification
Answer:
1. Create a build pipeline by using Cloud Build with a private worker pool.
2. Use VPC Service Controls to place all components and services in your CI/CD pipeline inside a security perimeter.
3. Configure your GKE cluster to only allow container images signed by Binary Authorization.
The requirements are to ensure only images from the build pipeline are deployed and to protect code/artifacts from exfiltration. Option B addresses both by using a private Cloud Build worker pool (keeping builds within the VPC), VPC Service Controls (creating a security perimeter to block data exfiltration), and Binary Authorization (enforcing image signing for deployment). Other options fall short: A uses the default worker pool (public), C lacks Binary Authorization, and D uses the default worker pool (public) and omits VPC Service Controls.
Author: LeetQuiz Editorial Team
How can you design a container build pipeline for a GKE-hosted application with these requirements:
• Only images generated by your build pipeline should be deployable to your GKE cluster.
• All source code and build artifacts must stay within your environment and be secured against data exfiltration?
A
B
C
D