
Explanation:
To ensure that only images from your centrally managed Google Container Registry (GCR) in the altostrat-images project can be deployed to your GKE cluster while minimizing development time, the most effective approach is Binary Authorization. Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE). A Binary Authorization policy that whitelists images from gcr.io/altostrat-images/ enforces that only images from this registry are deployed to your cluster. This method is both efficient and secure, because it relies on Google's built-in security features and requires no additional custom development or pipeline logic. Option B is the correct choice because it directly addresses the requirement with minimal overhead. Options A, C, and D either involve unnecessary complexity or do not provide the same level of security and simplicity as Binary Authorization.
To ensure that only images from your centrally-managed Google Container Registry (GCR) in the altostrat-images project can be deployed to your Google Kubernetes Engine (GKE) cluster while minimizing development time, what should you do?
A. Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.
B. Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/altostrat-images/.
C. Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
D. Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.