
You are designing a CI/CD pipeline for Terraform deployments of Google Cloud resources. Your pipeline runs on Google Kubernetes Engine (GKE) using ephemeral Pods for each execution. You need to ensure these Pods have the correct IAM permissions for Terraform deployments while adhering to Google's recommended identity management practices. What should you do? (Select two.)
A. Create a new Kubernetes service account, and assign the service account to the Pods. Use Workload Identity to authenticate as the Google service account.
B. Create a new JSON service account key for the Google service account, store the key as a Kubernetes secret, inject the key into the Pods, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
C. Create a new Google service account, and assign the appropriate IAM permissions.
D. Create a new JSON service account key for the Google service account, store the key in the secret management store for the CI/CD tool, and configure Terraform to use this key for authentication.
E. Assign the appropriate IAM permissions to the Google service account associated with the Compute Engine VM instances that run the Pods.