In a finance company, the security team requires all container images to be stored in a single GCP project. You've created a new project and need to use one of these images in a GKE cluster. How can you ensure GKE can download images from the central project’s Container Registry?

Real Exam

While creating the GKE cluster, select the 'Allow full access to all Cloud APIs' option under ‘Access scopes‘.

6.3%

Create a service account with access to Cloud Storage. Create a P12 key for the service account and use it as an imagePullSecrets in Kubernetes.

25.0%

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

62.5%

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

6.3%

Google Associate Cloud Engineer