Answer-first summary for fast verification
Answer: Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/altostrat-images/.
To ensure that only images from your centrally-managed Google Container Registry (GCR) in the altostrat-images project can be deployed to your GKE cluster while minimizing development time, the most effective approach is to use Binary Authorization. Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE). By creating a Binary Authorization policy that whitelists images from gcr.io/altostrat-images/, you can enforce that only images from this registry are deployed to your cluster. This method is both efficient and secure, as it leverages Google's built-in security features without requiring additional custom development or pipeline logic. Option B is the correct choice because it directly addresses the requirement with minimal overhead. Options A, C, and D either involve unnecessary complexity or do not provide the same level of security and simplicity as Binary Authorization.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To ensure that only images from your centrally-managed Google Container Registry (GCR) in the altostrat-images project can be deployed to your Google Kubernetes Engine (GKE) cluster while minimizing development time, what should you do?
A
Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.
B
Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/altostrat-images/.
C
Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
D
Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.
No comments yet.