Your organization is using Helm to package containerized applications. Your applications reference both public and private charts. Your security team flagged that using a public Helm repository as a dependency is a risk. You want to manage all charts uniformly, with native access control and VPC Service Controls. What should you do?
A. Store public and private charts in OCI format by using Artifact Registry.
B. Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider.
C. Store public and private charts by using Git repository. Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket. Connect Helm to the bucket by using https://[bucket].storage-googleapis.com/[helmchart] as the Helm repository.
D. Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
A
Explanation
A. Store public and private charts in OCI format by using Artifact Registry.
(https://cloud.google.com/artifact-registry/docs/helm
To address security concerns and maintain consistent access controls for Helm charts, it’s recommended to store both public and private charts in the Open Container Initiative (OCI) format using Google Cloud’s Artifact Registry, as suggested in option A.)
B. Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider.
(Go with Google Cloud option, if it provides the service.)
C. Store public and private charts by using Git repository. Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket. Connect Helm to the bucket by using https://[bucket].storage-googleapis.com/[helmchart] as the Helm repository.
(Go with Google Cloud option, if it provides the service.)
D. Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend.
(Prefer in-built options if it’s available, rather than the custom solution.)