Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Associate Cloud Engineer Topic 1 Question 98 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 98
Topic #: 1
[All Associate Cloud Engineer Questions]

You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

Contribute your Thoughts:

Felix
2 months ago
I hear the Cloud Storage team is offering a special 'Kubernetes Delivery' service. You just have to leave a trail of breadcrumbs for the cluster to follow.
upvoted 0 times
Gennie
8 days ago
C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
upvoted 0 times
...
Jesus
15 days ago
B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
upvoted 0 times
...
Elza
22 days ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
...
Chu
2 months ago
Configuring ACLs on each image? Ain't nobody got time for that! I'm going with the easy button.
upvoted 0 times
...
Sanda
2 months ago
Creating a custom service account with a P12 key sounds a bit complicated. I'd prefer a simpler solution if possible.
upvoted 0 times
Linsey
1 months ago
D) Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
upvoted 0 times
...
Shay
1 months ago
B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
upvoted 0 times
...
Latosha
1 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
Kayleigh
1 months ago
A) That sounds like a simpler solution. Granting the Storage Object Viewer IAM role seems easier.
upvoted 0 times
...
Terry
2 months ago
C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
upvoted 0 times
...
Ernie
2 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
...
Destiny
2 months ago
But granting the Storage Object Viewer IAM role seems more secure to me.
upvoted 0 times
...
Eden
2 months ago
I'm not a fan of the 'Allow full access to all Cloud APIs' option. That's way too broad and a security risk. Let's go with something more specific.
upvoted 0 times
...
Lai
2 months ago
Option A seems like the logical choice. Granting the Storage Object Viewer role to the Kubernetes node service account should allow the cluster to download images from the registry.
upvoted 0 times
...
Zoila
2 months ago
I disagree, I believe the answer is C.
upvoted 0 times
...
Destiny
3 months ago
I think the correct answer is A.
upvoted 0 times
...

Save Cancel