You use Cloud Build to build and test container images prior to deploying them to Cloud Run. Your images are stored in Artifact Registry. You need to ensure that only container images that have passed testing are deployed. You want to minimize operational overhead. What should you do?
A. Deploy a new revision to a Cloud Run service. Assign a tag that allows access to the revision at a specific URL without serving traffic. Test that revision again. Migrate the traffic to the Cloud Run service after you confirm that the new revision is performing as expected.
B. Enable Binary Authorization on your Cloud Run service. Create an attestation if the container image has passed all tests. Configure Binary Authorization to allow only images with appropriate attestation to be deployed to the Cloud Run service.
C. Create a GKE cluster. Verify that all tests have passed, and then deploy the image to the GKE cluster.
D. Configure build provenance on your Cloud Build pipeline. Verify that all the tests have passed, and then deploy the image to a Cloud Run service.
Answer
B