An application requires access to Cloud SQL from GKE pods. Which approach BEST follows Google's security best practices?
-
A
Mount a service account key as a Kubernetes secret
-
B
Use Workload Identity to bind a Kubernetes service account to a GCP service account
-
C
Grant the GKE node pool's default service account Cloud SQL Editor
-
D
Use a static username and password stored in environment variables