
You set up an application to be deployed in a Kubernetes cluster with GKE. Your app uses various Cloud services, including Cloud Spanner and Cloud Pub/Sub, and you are asked to find an optimized way to run the system.
What is the best way to securely authorize all operations?

A. Write the login credentials of a user enabled to those Services in the Deployment manifest file in YAML format
B. Associate a specific service account with the configuration of the specific node pool (NodeConfig)
C. Create a service account and use the corresponding key with a K8s secret
D. Write the credentials in the source repository or inside the container image

1 Answer

Correct answer: C
A and D are wrong because you are never advised to write credentials in the code or in a configuration file, since that exposes security information in clear text.
The best method is always through the use of Service Accounts.
You can configure the Service Account to be associated each time a VM is created, but the privileges to be assigned can be different among the various applications in the various pods that may share the same VM. So option B is not the best one.

...
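A manifest sketch of option C next to the pattern options A and D describe, added here as an illustration and not part of the original answer. The names `spanner-pubsub-app` and `app-sa-key`, the mount path and the image reference are hypothetical placeholders; the sketch assumes the app uses Google Cloud client libraries, which read the key file path from `GOOGLE_APPLICATION_CREDENTIALS`.

```yaml
# Weak pattern (options A and D): credential material sits in the manifest,
# the repository or the image in clear text, readable by anyone who can read them.
#   env:
#   - name: SERVICE_PASSWORD            # hypothetical variable
#     value: "<credential in clear text>"
#
# Option C: the service account key is stored in a Secret created out of band:
#   kubectl create secret generic app-sa-key --from-file=key.json=<path-to-key-file>
# The Deployment below references the Secret by name only.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: spanner-pubsub-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: spanner-pubsub-app
  template:
    metadata:
      labels:
        app: spanner-pubsub-app
    spec:
      volumes:
      - name: google-cloud-key
        secret:
          secretName: app-sa-key        # Secret holding key.json
      containers:
      - name: app
        image: REGISTRY/PROJECT/IMAGE:TAG   # placeholder
        volumeMounts:
        - name: google-cloud-key
          mountPath: /var/secrets/google
          readOnly: true                # the pod only needs to read the key
        env:
        # Client libraries load the service account key from this path.
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /var/secrets/google/key.json
```

Because the Secret is referenced per Deployment, two applications scheduled on the same node can each mount a different service account key with different privileges.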