Google Cloud Professional Cloud DevOps Engineer — Question 35

Your team uses Cloud Build for all CI/CD pipelines. You want to use the kubectl builder for Cloud Build to deploy new images to Google Kubernetes Engine
(GKE). You need to authenticate to GKE while minimizing development effort. What should you do?

Answer options

• A. Assign the Container Developer role to the Cloud Build service account.
• B. Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
• C. Create a new service account with the Container Developer role and use it to run Cloud Build.
• D. Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.

Correct answer: A

Explanation

The correct answer is A, as assigning the Container Developer role directly to the Cloud Build service account provides the necessary permissions without requiring additional setup. Options B and D involve unnecessary complexity by modifying the cloudbuild.yaml file or retrieving credentials separately, while option C adds the overhead of managing a new service account, which is not needed in this scenario.