Sure Pass Exam Professional-Cloud-DevOps-Engineer PDF

The best option for making the third-party application work while following Google-recommended security practices is to add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key. The iam.disableServiceAccountKeyCreation policy is an organization policy that controls whether service account keys can be created in a project or organization. By default, this policy is set to on, which means that service account keys cannot be created. However, you can override this policy at a lower level, such as a project, by adding a rule to set it to off. This way, you can create a service account key for your project without affecting other projects or organizations. You should also follow the best practices for managing service account keys, such as rotating them regularly, storing them securely, and deleting them when they are no longer needed.

https://cloud.google.com/anthos/clusters/docs/on-prem/1.7/concepts/logging-and-monitoring

The best deployment model for releasing a new version of your application in GKE with the ability to instantly roll back to the previous version is to perform a blue/green deployment and test your new application after the deployment is complete. A blue/green deployment is a deployment strategy that involves creating two identical environments, one running the current version of the application (blue) and one running the new version of the application (green). The traffic is switched from blue to green after testing the new version, and if any issues are discovered, the traffic can be switched back to blue instantly. This way, you can minimize downtime and risk during deployment.

The best option for deploying a new version of your containerized application to production on GKE and ensuring that the application does not have performance problems after deployment is to deploy the application through a continuous delivery pipeline by using canary deployments, use Cloud Monitoring to look for performance issues, and ramp up traffic as supported by the metrics. A canary deployment is a deployment strategy that involves releasing a new version of an application to a subset of users or servers and monitoring its performance and reliability. This way, you can test the new version in the production environment with real traffic and load, and gradually increase the traffic as the metrics indicate. You can use Cloud Monitoring to collect and analyze metrics from your application and GKE cluster, such as latency, error rate, CPU utilization, and memory usage. You can also use Cloud Monitoring to set up alerts and dashboards to track the performance of your application.