Google Cloud Professional Cloud Developer — Question 84
You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE). What should you do?
Answer options
- A. Assign a Google service account to the GKE nodes.
- B. Use a Google service account to run the Pod with Workload Identity.
- C. Store the Google service account credentials as a Kubernetes Secret.
- D. Use a Google service account with GKE role-based access control (RBAC).
Correct answer: B
Explanation
The correct answer is B because running the Pod as a Google service account through Workload Identity lets your Pods securely access Google Cloud services without needing to manage service account keys. Option A is incorrect because assigning a service account to nodes does not provide access to Pods. Option C is wrong because storing credentials as a Secret is less secure than using Workload Identity. Option D is not the best choice because RBAC controls permissions for accessing GKE resources rather than directly granting access to Google Cloud services.