You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry.
What should you do?
A . In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
B . When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.
C . Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
D . Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
Answer: A
Explanation:
Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account. is not right.
As mentioned above, Container Registry ignores permissions set on individual objects within the storage bucket so this isnt going to work.
Ref: https://cloud.google.com/container-registry/docs/access-control
Latest Associate Cloud Engineer Dumps Valid Version with 181 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund