PROFESSIONAL-CLOUD-DEVELOPER Question #231: Real Exam Question with Answer & Explanation
The correct answer is D: Create a Google service account and a Kubernetes service account. Configure Workload Identity.
Question
You are a developer at a large organization. You have an application written in Go running in a production Google Kubernetes Engine (GKE) cluster. You need to add a new feature that requires access to BigQuery. You want to grant BigQuery access to your GKE cluster following Google-recommended best practices. What should you do?
Options
- A. Create a Google service account with BigQuery access. Add the JSON key to Secret Manager,
- B. Create a Google service account with BigQuery access. Add the Google service account JSON
- C. Create a Google service account with BigQuery access. Add the Google service account JSON
- D. Create a Google service account and a Kubernetes service account. Configure Workload Identity
Explanation
Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.
Reference: https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is