Google Cloud Professional Cloud Architect — Question 153

Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. You have separate clusters for development, staging, and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do?

Answer options

• A. Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment.
• B. Implement a corporate policy to prevent teams from deploying Docker images to an environment unless the Docker image was tested in an earlier environment.
• C. Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
• D. Create a Kubernetes admissions controller to prevent the container from starting if it is not approved for usage in the given environment.

Correct answer: C

Explanation

The correct answer is C because configuring binary authorization policies allows for automated enforcement of deployment rules based on the testing status of Docker images across different environments. Options A and D suggest methods that would prevent deployment at runtime but do not enforce pre-deployment testing, while B is a manual solution that may not be as effective or efficient as an automated approach.