Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. You have separate clusters for development, staging, and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline..
Why this is the answer
Binary Authorization enforces policies that require images to be signed by trusted authorities before deployment. By configuring Binary Authorization policies for each environment (development, staging, production) and integrating attestation creation into the CI pipeline, you ensure that an image must pass through and be attested in development and staging before it can be deployed to production. This provides a strong, automated control without removing team autonomy. Kubernetes lifecycle hooks and admission controllers could be used, but they require custom development and maintenance, making them less quick to implement and higher effort than Binary Authorization. A corporate policy alone is a procedural control and doesn't offer the automated enforcement needed to prevent the issue.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed