Google Cloud Professional Cloud DevOps Engineer — Question 134

Your organization is using Helm to package containerized applications. Your applications reference both public and private charts. Your security team flagged that using a public Helm repository as a dependency is a risk. You want to manage all charts uniformly, with native access control and VPC Service Controls. What should you do?

Answer options

• A. Store public and private charts in OCI format by using Artifact Registry.
• B. Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider.
• C. Store public and private charts by using Git repository. Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket. Connect Helm to the bucket by using https://[bucket].storage-googleapis.com/[helmchart] as the Helm repository.
• D. Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend.

Correct answer: A

Explanation

The correct answer is A because Artifact Registry allows for secure storage of both public and private charts with integrated access control and VPC Service Controls, addressing the security concerns. Options B and C do not provide the same level of uniform management and access control, while option D, although viable, may not offer the same direct benefits as using Artifact Registry for dependency management.