Answer-first summary for fast verification
Answer: Assign the Container Developer role to the Cloud Build service account.
To authenticate Cloud Build to deploy new images to Google Kubernetes Engine (GKE) using the kubectl builder with minimal development effort, the best approach is to assign the Container Developer role to the Cloud Build service account. This is because the Cloud Build service account is automatically used by Cloud Build when executing builds. By assigning the Container Developer role to this service account, you grant it the necessary permissions to interact with GKE without the need for additional configuration or the creation of new service accounts. Option A is correct because it directly addresses the requirement with minimal effort. Option B is incorrect because roles are not specified in the cloudbuild.yaml file; instead, they are managed through IAM. Option C is incorrect because creating a new service account adds unnecessary complexity and development effort. Option D is incorrect because manually retrieving and passing service account credentials introduces unnecessary steps and potential security risks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your team utilizes Cloud Build for all CI/CD pipelines. You want to use the kubectl builder in Cloud Build to deploy new images to Google Kubernetes Engine (GKE). You need to authenticate to GKE with minimal development effort. What should you do?
A
Assign the Container Developer role to the Cloud Build service account.
B
Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
C
Create a new service account with the Container Developer role and use it to run Cloud Build.
D
Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.
No comments yet.