Minimizing Attack Surface of a Container on Google Kubernetes Engine

Best Practices for Securing Internet-Facing Containers

Question

A DevOps team will create a new container to run on Google Kubernetes Engine.

As the application will be internet-facing, they want to minimize the attack surface of the container.

What should they do?

Answers

A. Use Cloud Build to build the container images.
B. Build small containers using small base images.
C. Delete non-used versions from Container Registry.
D. Use a Continuous Delivery tool to deploy the application.

Explanations

D.

https://cloud.google.com/solutions/best-practices-for-building-containers

The DevOps team's goal is to minimize the attack surface of the container that will run on Google Kubernetes Engine, as the application will be internet-facing. In this context, the best option is to use small containers built from small base images to reduce the attack surface. Therefore, option B is the correct answer.

Here is a detailed explanation for each option:

A. Use Cloud Build to build the container images: Cloud Build is a service that provides continuous building and testing for applications. It can be used to automate the building of container images, but it does not directly address the goal of minimizing the attack surface of the container. Therefore, this option is not the best choice for this scenario.

B. Build small containers using small base images: Small containers are more secure because they have a smaller attack surface, which reduces the likelihood of an attacker finding a vulnerability to exploit. Small base images, such as Alpine or BusyBox, have fewer packages and dependencies, making them less likely to have known vulnerabilities. By using small containers built from small base images, the DevOps team can minimize the attack surface of the container and improve the security of the application.

C. Delete non-used versions from Container Registry: Deleting non-used versions from the Container Registry is a good practice for managing resources and reducing costs, but it does not directly address the goal of minimizing the attack surface of the container. Therefore, this option is not the best choice for this scenario.

D. Use a Continuous Delivery tool to deploy the application: A Continuous Delivery tool, such as Jenkins or CircleCI, can be used to automate the deployment of the application to Google Kubernetes Engine. While this can help streamline the deployment process, it does not directly address the goal of minimizing the attack surface of the container. Therefore, this option is not the best choice for this scenario.

In conclusion, the DevOps team should choose option B, building small containers using small base images, to minimize the attack surface of the container that will run on Google Kubernetes Engine.