Answer-first summary for fast verification
Answer: Create a service account. Grant bucket access to the Pods by using Workload Identity Federation for GKE.
Option A is the correct answer because Workload Identity Federation for GKE is Google's recommended best practice for securely granting GKE workloads access to Google Cloud services. It eliminates the need for managing service account keys, which reduces security risks and management overhead. Workload Identity allows GKE pods to impersonate a Google service account without storing long-lived credentials, providing automatic credential rotation and better security posture. Options B, C, and D all involve managing service account keys, which creates security risks (keys can be leaked or stolen) and increases management overhead (requiring key rotation, storage, and distribution). The community discussion shows 100% consensus on option A, with upvoted comments emphasizing that Workload Identity is the recommended approach for secure and manageable access.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You have Google Kubernetes Engine (GKE) Pods that need to access objects in a Cloud Storage bucket. How can you securely grant this access while minimizing management overhead?
A
Create a service account. Grant bucket access to the Pods by using Workload Identity Federation for GKE.
B
Create a service account with keys. Store the keys in Secret Manager with a 30-day rotation schedule. Reference the keys in the Pods.
C
Create a service account with keys. Store the keys as a Kubernetes secret. Reference the keys in the Pods.
D
Create a service account with keys. Store the keys in Secret Manager. Reference the keys in the Pods.