
Answer-first summary for fast verification
Answer: Enable binary authorization on the clusters and apply a policy to govern the allowed images
The correct approach is to enable binary authorization on the clusters and apply a policy to govern the allowed images. Binary authorization provides a way to allow or block the deployment of images based on policies, which is exactly what's needed in this scenario.

**Why other options are not suitable:**

- **IAM permissions** can grant access to services like GKE or Container Registry but cannot control the images deployed on a GKE cluster.
- **Custom routes** are designed for network-level traffic routing and do not address image deployment restrictions.
- **Firewall rules** control network traffic flow but cannot restrict the images used for deployment.

For more details, refer to the [Binary Authorization documentation](https://cloud.google.com/binary-authorization).
Author: LeetQuiz Editorial Team
As a DevOps engineer for a financial organization, you're tasked with setting up an automated CI/CD pipeline to deploy applications to GKE clusters in production. A key requirement is to restrict the types and sources of container images that can be deployed. How would you implement this restriction?
A. Apply IAM permissions to restrict the container images that can be deployed on clusters
B. Create custom routes to control traffic to the clusters
C. Enable binary authorization on the clusters and apply a policy to govern the allowed images
D. Apply firewall rules to the VPCs