Cloud Build for Docker Images: Centralized and Secure Docker Registry Management


Question

Your company's development teams want to use Cloud Build in their projects to build and push Docker images to Container Registry.

The operations team requires all Docker images to be published to a centralized, securely managed Docker registry that the operations team manages.

What should you do?

Answers

Explanations


https://cloud.google.com/container-registry/

Option A: This option involves using Container Registry to create a registry in each development team's project. The Cloud Build build will then be configured to push the Docker image to the project's registry. The operations team will be granted access to each development team's registry.

This option is not ideal because the operations team ends up responsible for one registry per development team, which is harder to govern and audit and widens the attack surface. Granting the operations team access to every team's registry is also a complex and time-consuming process.

Option B: This option involves creating a separate project for the operations team that has Container Registry configured. The Cloud Build service account in each developer team's project will be assigned appropriate permissions to allow access to the operations team's registry.

This option is a good solution because it provides a single, securely managed Docker registry for all development teams. The operations team manages one registry, and each team's Cloud Build service account is granted only the permissions it needs to push images there, with no credential files to distribute or rotate.

Option C: This option involves creating a separate project for the operations team that has Container Registry configured. A service account is created for each development team and is assigned the appropriate permissions to allow access to the operations team's registry. The service account key file is stored in the source code repository and is used to authenticate against the operations team's registry.

This option is not ideal because exported service account keys are long-lived credentials that are easily compromised if they are not carefully managed and rotated. Storing the keys in the source code repository is insecure (anyone with read access to the repository can push to the registry) and is unlikely to comply with the company's security policies.

Option D: This option involves creating a separate project for the operations team that has the open source Docker Registry deployed on a Compute Engine virtual machine instance. A username and password are created for each development team, and they are stored in the source code repository and used to authenticate against the operations team's Docker registry.

This option is not ideal because it requires the operations team to run and patch the Docker registry on a virtual machine instance, which is time-consuming and difficult to manage. Storing the usernames and passwords in the source code repository is likewise insecure and is unlikely to comply with the company's security policies.

In conclusion, Option B is the best solution because it provides a centralized, securely managed Docker registry for all development teams to use, and the Cloud Build service account can be granted the necessary permissions to push Docker images to the registry.
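The following is an added example, not part of the original question page and not Google's own tooling. It is a small policy check a platform or operations team could run over each team's Cloud Build configuration to enforce Option B and catch the Option A, C and D anti-patterns: every image a build tags or pushes must live under Container Registry in the operations project, and no step may authenticate with `docker login` or an exported service account key file. It assumes a placeholder operations project id (`ops-registry-project`) and takes build configs as Python dicts in the same shape as `cloudbuild.yaml` / `cloudbuild.json` (`steps`, `images`); the two sample configs are constructed for the example.

```python
import re

# Placeholder for the operations team's registry project; assumed, not from the page.
OPS_PROJECT = "ops-registry-project"
# Container Registry hosts; an image reference is <host>/<project>/<path>[:tag][@sha256:digest].
GCR_HOSTS = {"gcr.io", "us.gcr.io", "eu.gcr.io", "asia.gcr.io"}

IMAGE_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9.-]+)/(?P<project>[A-Za-z0-9._-]+)/(?P<path>[^:@\s]+)"
    r"(?::[\w.$-]+)?(?:@sha256:[0-9a-f]{64})?$"
)
# File names that look like an exported service account key (the Option C anti-pattern).
KEY_FILE_RE = re.compile(r"[\w./-]*(?:key|credential|service[-_]?account)[\w.-]*\.json\b", re.I)
LOGIN_RE = re.compile(r"(?:^|\s)docker\s+login\b")


def image_in_ops_registry(image: str) -> bool:
    """True only when the reference points at Container Registry in the ops project."""
    m = IMAGE_RE.match(image)
    return bool(m) and m.group("host") in GCR_HOSTS and m.group("project") == OPS_PROJECT


def _image_refs_from_args(args):
    """Image references a docker build step tags or pushes (-t/--tag <ref>, push <ref>)."""
    refs = []
    for i, a in enumerate(args):
        if a in ("-t", "--tag") and i + 1 < len(args):
            refs.append(args[i + 1])
        elif a.startswith("--tag="):
            refs.append(a.split("=", 1)[1])
    if args[:1] == ["push"] and len(args) > 1:
        refs.append(args[1])
    return refs


def find_violations(config: dict) -> list:
    """Return (location, message) pairs for everything that breaks the central-registry policy."""
    findings = []
    for idx, step in enumerate(config.get("steps", [])):
        args = [str(a) for a in step.get("args", [])]
        env = [str(e) for e in step.get("env", [])]
        where = f"steps[{idx}]"
        text = " ".join(args + env)
        # Static credentials in the build: docker login or an exported key file (Options C and D).
        if args[:1] == ["login"] or LOGIN_RE.search(text):
            findings.append((where, "uses 'docker login' with static credentials"))
        key = KEY_FILE_RE.search(text)
        if key:
            findings.append((where, f"references a service account key file '{key.group(0)}'"))
        if any(e.startswith("GOOGLE_APPLICATION_CREDENTIALS=") for e in env):
            findings.append((where, "points GOOGLE_APPLICATION_CREDENTIALS at a key file"))
        # Images must be tagged for the ops registry, not the team's own project (Option A).
        for ref in _image_refs_from_args(args):
            if not image_in_ops_registry(ref):
                findings.append((where, f"image '{ref}' is outside the ops registry"))
    for idx, ref in enumerate(config.get("images", [])):
        if not image_in_ops_registry(str(ref)):
            findings.append((f"images[{idx}]", f"image '{ref}' is outside the ops registry"))
    return findings


# Constructed sample: the Option B pattern. The build runs as the project's Cloud Build
# service account and pushes straight to the ops project's registry; nothing to flag.
OPTION_B_CONFIG = {
    "steps": [
        {"name": "gcr.io/cloud-builders/docker",
         "args": ["build", "-t", "gcr.io/ops-registry-project/payments-api:$SHORT_SHA", "."]},
    ],
    "images": ["gcr.io/ops-registry-project/payments-api:$SHORT_SHA"],
}

# Constructed sample: the Option C anti-pattern (key file committed to the repo, docker login)
# combined with the Option A anti-pattern (image tagged for the team's own project).
OPTION_C_CONFIG = {
    "steps": [
        {"name": "gcr.io/cloud-builders/docker", "entrypoint": "bash",
         "args": ["-c", "cat ops-registry-key.json | docker login -u _json_key --password-stdin https://gcr.io"]},
        {"name": "gcr.io/cloud-builders/docker",
         "args": ["build", "-t", "gcr.io/dev-team-a/payments-api:latest", "."]},
    ],
    "images": ["gcr.io/dev-team-a/payments-api:latest"],
}

if __name__ == "__main__":
    for label, cfg in (("Option B", OPTION_B_CONFIG), ("Option C", OPTION_C_CONFIG)):
        problems = find_violations(cfg)
        print(f"{label}: {'OK' if not problems else f'{len(problems)} violation(s)'}")
        for where, msg in problems:
            print(f"  {where}: {msg}")
```

The check only covers the build-side half of Option B. The other half is IAM in the operations project: because Container Registry stores image layers in a Cloud Storage bucket, the builder project's Cloud Build service account (`PROJECT_NUMBER@cloudbuild.gserviceaccount.com`) needs a Storage role on that bucket in the operations project, granted with an IAM binding rather than a key. The build then authenticates as that service account automatically, which is exactly why no `docker login` step or `.json` key should appear in a compliant config.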