You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?
A. Enable Cloud Security Scanner on the clusters.
B. Enable Vulnerability Analysis on the Container Registry.
C. Set up the Kubernetes Engine clusters as private clusters.
D. Set up the Kubernetes Engine clusters with Binary Authorization.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
D
Explanation
A. Enable Cloud Security Scanner on the clusters.
(It will not ensure that the images are built by trusted CI/CD pipelines.)
B. Enable Vulnerability Analysis on the Container Registry.
(It will not ensure that the images are built by trusted CI/CD pipelines.)
C. Set up the Kubernetes Engine clusters as private clusters.
(It will not ensure that the images are built by trusted CI/CD pipelines.)
D. Set up the Kubernetes Engine clusters with Binary Authorization.
(To ensure that only images successfully built by your trusted CI/CD pipeline are deployed to production on Google Kubernetes Engine (GKE) clusters, you should set up the Kubernetes Engine clusters with Binary Authorization.)