Your uses Jenkins running on Google Cloud VM instances for CI/CD. You need to extend the functionality to use infrastructure as code automation by using Terraform. You must ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. You want to follow Google-recommended practices- What should you do?
The correct answer is C)
Answer D is incorrect because it involves using the Terraform module for Secret Manager, which is a service that stores and manages sensitive data such as API keys, passwords, and certificates. While Secret Manager can be used to store and retrieve credentials, it is not necessary or sufficient for authorizing the Terraform Jenkins instance. The Terraform Jenkins instance still needs a service account with the appropriate IAM permissions to access Secret Manager and other Google Cloud resources.
You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?
The correct answer is B, Store the password in Secret Manager and mount the secret as a volume within the application.
There are two ways to use secrets from Secret Manager in Cloud Run:
As environment variables: You can set environment variables that point to secrets in Secret Manager. Cloud Run will resolve the secrets at runtime and inject them into the environment of your application. However, this method has some limitations, such as:
The environment variables are cached for up to 10 minutes, so you may not get the latest version of the secret immediately.
The environment variables are visible in plain text in the Cloud Console and the Cloud SDK, which may expose sensitive information.
The environment variables are limited to 4 KB of data, which may not be enough for some secrets.2
As file system volumes: You can mount secrets from Secret Manager as files in a volume within your application. Cloud Run will create a tmpfs volume and write the secrets as files in it. This method has some advantages, such as:
The files are updated every 30 seconds, so you can get the latest version of the secret faster.
The files are not visible in the Cloud Console or the Cloud SDK, which provides better security.
The files can store up to 64 KB of data, which allows for larger secrets.3
Therefore, for your use case, it is better to use the second method and mount the secret as a file system volume within your application. This way, you can ensure that your application has the latest password, and you can deploy it with no downtime.
To mount a secret as a file system volume in Cloud Run, you can use the following command:
gcloud beta run deploy SERVICE --image IMAGE_URL --update-secrets=/path/to/file=secretName:version
where:
SERVICE is the name of your Cloud Run service.
IMAGE_URL is the URL of your container image.
/path/to/file is the path where you want to mount the secret file in your application.
secretName is the name of your secret in Secret Manager.
1: Overview | Secret Manager Documentation | Google Cloud
2: Using secrets as environment variables | Cloud Run Documentation | Google Cloud
3: Mounting secrets from Secret Manager | Cloud Run Documentation | Google Cloud
You deployed an application into a large Standard Google Kubernetes Engine (GKE) cluster. The application is stateless and multiple pods run at the same time. Your application receives inconsistent traffic. You need to ensure that the user experience remains consistent regardless of changes in traffic. and that the resource usage of the cluster is optimized.
What should you do?
You are the Site Reliability Engineer responsible for managing your company's data services and products. You regularly navigate operational challenges, such as unpredictable data volume and high cost, with your company's data ingestion processes. You recently learned that a new data ingestion product will be developed in Google Cloud. You need to collaborate with the product development team to provide operational input on the new product. What should you do?
The correct answer is D, Review the design of the product with the product development team to provide feedback early in the design phase.
According to the Google Cloud DevOps best practices, a Site Reliability Engineer (SRE) should collaborate with the product development team from the beginning of the product lifecycle, not just after the product is deployed or tested. This way, the SRE can provide operational input on the product design, such as scalability, reliability, security, and cost efficiency. The SRE can also help define service level objectives (SLOs) and service level indicators (SLIs) for the product, as well as monitoring and alerting strategies. By collaborating early and often, the SRE and the product development team can ensure that the product meets the operational requirements and expectations of the customers.
You are investigating issues in your production application that runs on Google Kubernetes Engine (GKE). You determined that the source Of the issue is a recently updated container image, although the exact change in code was not identified. The deployment is currently pointing to the latest tag. You need to update your cluster to run a version of the container that functions as intended. What should you do?
Selma
3 days agoKristian
9 days agoJanna
13 days agoKirby
18 days agoPhyliss
1 months agoSkye
1 months agoPeggie
1 months agoSharan
2 months agoMollie
2 months agoNovella
2 months agoLynette
2 months agoFiliberto
2 months agoToi
3 months agoKeva
3 months agoBerry
3 months agoMaynard
3 months agoRosenda
4 months agoMicheline
4 months agoHelga
5 months agoJoana
5 months agoSunny
6 months agoAliza
6 months agoTracie
6 months agoJimmy
9 months ago