Your team uses Cloud Build for all CI/CD pipelines.
You want to use the kubectl builder for Cloud Build to deploy new images to Google Kubernetes Engine (GKE).
You need to authenticate to GKE while minimizing development effort.
What should you do?
Answer: C.
Deploying new images to Google Kubernetes Engine (GKE) from Cloud Build with the kubectl builder requires authenticating to GKE, and the goal here is to do so with minimal development effort.
Option A: Assign the Container Developer role to the Cloud Build service account.
Assigning the Container Developer role to the Cloud Build service account is a valid approach: with that role, the service account has permission to deploy images to GKE. However, this approach may not minimize the development effort, as it still requires manual intervention to assign the role. Therefore, this option is not the best solution for this situation.
Option B: Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
Specifying the Container Developer role for Cloud Build in the cloudbuild.yaml file is not a valid approach, as this file is used for defining build steps and not for assigning roles to the Cloud Build service account.
Option C: Create a new service account with the Container Developer role and use it to run Cloud Build.
Creating a new service account with the Container Developer role and using it to run Cloud Build is a valid approach: with that role, the new service account has permission to deploy images to GKE. This approach minimizes the development effort, as the service account can be created with the necessary permissions and no manual intervention is required.
Option D: Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.
Creating a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl is a valid approach. This option may minimize the development effort, as it can automate the process of retrieving the necessary credentials. However, it may not be the most secure approach, as the credentials may be exposed.
Therefore, the best solution for this situation is to create a new service account with the Container Developer role and use it to run Cloud Build. This approach minimizes the development effort and is secure.
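As an added illustration of option C (not part of the original question or its answer key), a cloudbuild.yaml that runs the kubectl builder under a dedicated service account might look like the sketch below. The project ID, service account name `gke-deployer`, cluster name, zone, deployment and image names are all placeholder assumptions.

```yaml
# cloudbuild.yaml (added example; every name below is a placeholder).
#
# The role is NOT granted in this file. It is bound once in IAM, outside
# the build, for example:
#   gcloud iam service-accounts create gke-deployer
#   gcloud projects add-iam-policy-binding PROJECT_ID \
#     --member="serviceAccount:gke-deployer@PROJECT_ID.iam.gserviceaccount.com" \
#     --role="roles/container.developer"
# roles/container.developer is the role the page calls "Container Developer".

steps:
  # The kubectl builder fetches cluster credentials itself, using the
  # identity the build runs as. No key file is downloaded or passed in,
  # which is the exposure the page notes for option D.
  - name: gcr.io/cloud-builders/kubectl
    args:
      - set
      - image
      - deployment/my-app                         # placeholder deployment
      - my-app=gcr.io/$PROJECT_ID/my-app:$SHORT_SHA  # $SHORT_SHA is set on triggered builds
    env:
      - CLOUDSDK_COMPUTE_ZONE=us-central1-a       # placeholder zone
      - CLOUDSDK_CONTAINER_CLUSTER=my-cluster     # placeholder cluster

# Run the whole build as the dedicated service account instead of the
# default Cloud Build service account.
serviceAccount: projects/PROJECT_ID/serviceAccounts/gke-deployer@PROJECT_ID.iam.gserviceaccount.com

# A build with a user-specified service account must state where its logs
# go; the account also needs permission to write them
# (roles/logging.logWriter for this setting).
options:
  logging: CLOUD_LOGGING_ONLY
```

The file only defines build steps and the identity they run as; the permissions themselves live in the IAM binding, which is why option B does not work.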