Exam Professional Cloud DevOps Engineer topic 1 question 93 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 93
Topic #: 1

You are creating a CI/CD pipeline to perform Terraform deployments of Google Cloud resources. Your CI/CD tooling is running in Google Kubernetes Engine (GKE) and uses an ephemeral Pod for each pipeline run. You must ensure that the pipelines that run in the Pods have the appropriate Identity and Access Management (IAM) permissions to perform the Terraform deployments. You want to follow Google-recommended practices for identity management. What should you do? (Choose two.)

  • A. Create a new Kubernetes service account, and assign the service account to the Pods. Use Workload Identity to authenticate as the Google service account.
  • B. Create a new JSON service account key for the Google service account, store the key as a Kubernetes secret, inject the key into the Pods, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
  • C. Create a new Google service account, and assign the appropriate IAM permissions.
  • D. Create a new JSON service account key for the Google service account, store the key in the secret management store for the CI/CD tool, and configure Terraform to use this key for authentication.
  • E. Assign the appropriate IAM permissions to the Google service account associated with the Compute Engine VM instances that run the Pods.
Suggested Answer: AC

Comments

6a8c7ad
3 months, 1 week ago
Selected Answer: CD
C and D. GKE service account needs to impersonate.
upvoted 1 times
...
xhilmi
11 months, 3 weeks ago
Selected Answer: AC
Option A: Suggests creating a new Kubernetes service account and assigning it to the Pods. This service account is then associated with a Google service account using Workload Identity. This setup enables seamless authentication of Pods as the specified Google service account without relying on manual management of service account keys.

Option C: Complements the approach by emphasizing the creation of a new Google service account and assigning the necessary IAM permissions. While the Kubernetes service account establishes the identity within the GKE cluster, the Google service account is associated with the underlying Google Cloud resources, ensuring that the appropriate permissions are granted for Terraform deployments.
upvoted 4 times
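A check that separates the key-file pattern of options B and D from the Workload Identity setup of A and C, as an added example that is not part of the original discussion. The manifests, project ID and account names are constructed; the annotation key, the `roles/iam.workloadIdentityUser` role and the member format are the ones GKE Workload Identity uses.

```python
# Added example, not from the original page. Manifests and names are constructed.
WI_ANNOTATION = "iam.gke.io/gcp-service-account"  # annotation GKE reads on the KSA

def workload_identity_member(project_id, namespace, ksa_name):
    """IAM member that needs roles/iam.workloadIdentityUser on the Google SA."""
    return f"serviceAccount:{project_id}.svc.id.goog[{namespace}/{ksa_name}]"

def audit_pod_identity(pod, ksa):
    """Return findings for a Pod and its KSA manifest; an empty list means A + C."""
    findings = []
    spec = pod.get("spec", {})
    ksa_name = spec.get("serviceAccountName", "default")
    if ksa_name == "default":
        findings.append("pod uses the namespace default Kubernetes service account")
    # Volumes backed by a Secret are where an exported JSON key would live.
    secret_vols = {v["name"] for v in spec.get("volumes", []) if "secret" in v}
    for c in spec.get("containers", []):
        mounts = {m["mountPath"].rstrip("/") for m in c.get("volumeMounts", [])
                  if m["name"] in secret_vols}
        for env in c.get("env", []):
            if env.get("name") == "GOOGLE_APPLICATION_CREDENTIALS":
                path = env.get("value", "")
                on_secret = any(path.startswith(m + "/") for m in mounts)
                src = "a Secret mount" if on_secret else "a file"
                findings.append(f"{c['name']}: key file credentials loaded from {src}")
    meta = ksa.get("metadata", {})
    if meta.get("name") != ksa_name:
        findings.append("KSA manifest does not match the pod's serviceAccountName")
    gsa = meta.get("annotations", {}).get(WI_ANNOTATION, "")
    if not gsa.endswith(".iam.gserviceaccount.com"):
        findings.append(f"KSA is not annotated with a user-managed Google SA: {gsa!r}")
    return findings

# Constructed manifests: key-based Pod (option B) and Workload Identity Pod (option A).
KEY_POD = {"spec": {
    "volumes": [{"name": "gsa-key", "secret": {"secretName": "tf-key"}}],
    "containers": [{"name": "terraform",
                    "volumeMounts": [{"name": "gsa-key", "mountPath": "/var/secrets"}],
                    "env": [{"name": "GOOGLE_APPLICATION_CREDENTIALS",
                             "value": "/var/secrets/key.json"}]}]}}
WI_POD = {"spec": {"serviceAccountName": "tf-runner", "containers": [{"name": "terraform"}]}}
WI_KSA = {"metadata": {"name": "tf-runner", "namespace": "ci", "annotations": {
    WI_ANNOTATION: "terraform-deployer@example-project.iam.gserviceaccount.com"}}}
DEFAULT_KSA = {"metadata": {"name": "default", "namespace": "ci"}}

if __name__ == "__main__":
    for pod, ksa in ((KEY_POD, DEFAULT_KSA), (WI_POD, WI_KSA)):
        print(audit_pod_identity(pod, ksa))
    print(workload_identity_member("example-project", "ci", "tf-runner"))
```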
...
khoukha
1 year ago
Selected Answer: AC
A. For the pod to authenticate as a service account with the necessary permissions without handling keys. C. To perform operations on Google Cloud resources.
upvoted 4 times
...
Jason_Cloud_at
1 year, 1 month ago
Selected Answer: AC
I would go with A,C
upvoted 3 times
...
ldgomez
1 year, 1 month ago
I think it is A, C. Workload Identity is the recommended way to authenticate to Google Cloud services from GKE. Reference: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
upvoted 4 times
...
activist
1 year, 1 month ago
B, C are best answers per the URL link below. https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
upvoted 2 times
...
activist
1 year, 1 month ago
Why not answers C, D?
upvoted 2 times
lelele2023
1 year, 1 month ago
You don't want to configure tf to consume the key; instead you delegate the auth to the kube things like pod.
upvoted 1 times
...
...
PrayasMohanty
1 year, 1 month ago
My recommendation is CB.
upvoted 2 times
...