
Your company has multiple teams that wish to utilize Cloud Build for deploying to their respective Google Kubernetes Engine (GKE) clusters, each located in dedicated projects with exclusive access. To adhere to Google's recommended practices while ensuring teams cannot interfere with each other's clusters, what is the best approach to design the Cloud Build setup?
A
Establish a centralized project for Cloud Build shared by all teams. Identify the Cloud Build service account within this project and assign the Kubernetes Engine Developer IAM role to this account in every team's project.
B
For each team's project, identify the Cloud Build service account and assign the Kubernetes Engine Developer IAM role to it. Teams should then execute Cloud Build builds within their own projects.
C
Restrict team members' access to their respective clusters only. Have each member install the gcloud CLI, authenticate via 'gcloud init', and execute builds using 'gcloud builds submit'.
D
In each team's project, create a service account with a JSON key, granting it the Kubernetes Engine Developer IAM role. Use a single Cloud Build project to store all service account keys encrypted with Cloud KMS, allowing Cloud Build to decrypt these keys for cluster access during builds.