devops-engineer video for when establishing a CI/CD pipeline for Terraform deployments of Google Cloud resources on Google Kubernetes Engine (GKE), ensuring
When establishing a CI/CD pipeline for Terraform deployments of Google Cloud resources on Google Kubernetes Engine (GKE), ensuring proper Identity and Access Management (IAM) permissions for the pipeline runs within Pods is critical. Which Google-recommended practices should you follow? (Choose two.)