Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Associate Cloud Engineer Topic 1 Question 98 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 98
Topic #: 1
[All Associate Cloud Engineer Questions]

You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

Contribute your Thoughts:

Felix
1 months ago
I hear the Cloud Storage team is offering a special 'Kubernetes Delivery' service. You just have to leave a trail of breadcrumbs for the cluster to follow.
upvoted 0 times
Jesus
2 days ago
B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
upvoted 0 times
...
Elza
9 days ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
...
Chu
1 months ago
Configuring ACLs on each image? Ain't nobody got time for that! I'm going with the easy button.
upvoted 0 times
...
Sanda
2 months ago
Creating a custom service account with a P12 key sounds a bit complicated. I'd prefer a simpler solution if possible.
upvoted 0 times
Linsey
20 days ago
D) Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
upvoted 0 times
...
Shay
23 days ago
B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
upvoted 0 times
...
Latosha
1 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
Kayleigh
1 months ago
A) That sounds like a simpler solution. Granting the Storage Object Viewer IAM role seems easier.
upvoted 0 times
...
Terry
1 months ago
C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
upvoted 0 times
...
Ernie
1 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
...
Destiny
2 months ago
But granting the Storage Object Viewer IAM role seems more secure to me.
upvoted 0 times
...
Eden
2 months ago
I'm not a fan of the 'Allow full access to all Cloud APIs' option. That's way too broad and a security risk. Let's go with something more specific.
upvoted 0 times
...
Lai
2 months ago
Option A seems like the logical choice. Granting the Storage Object Viewer role to the Kubernetes node service account should allow the cluster to download images from the registry.
upvoted 0 times
...
Zoila
2 months ago
I disagree, I believe the answer is C.
upvoted 0 times
...
Destiny
2 months ago
I think the correct answer is A.
upvoted 0 times
...

Save Cancel