PROFESSIONAL-CLOUD-ARCHITECT · Question #243
PROFESSIONAL-CLOUD-ARCHITECT Question #243: Real Exam Question with Answer & Explanation
The correct answer is A: Configure the GKE cluster as a private cluster, and configure Cloud NAT Gateway for the cluster. A Cloud NAT gateway can perform NAT for nodes and Pods in a private cluster, which is a type of VPC- native cluster. The Cloud NAT gateway must be configured to apply to at least the following subnet IP address ranges for the subnet that your cluster uses: Subnet primary IP addre
Question
Your team needs to create a Google Kubernetes Engine (GKE) cluster to host a newly built application that requires access to third-party services on the internet. Your company does not allow any Compute Engine instance to have a public IP address on Google Cloud. You need to create a deployment strategy that adheres to these guidelines. What should you do?
Options
- AConfigure the GKE cluster as a private cluster, and configure Cloud NAT Gateway for the cluster
- BConfigure the GKE cluster as a private cluster. Configure Private Google Access on the Virtual
- CConfigure the GKE cluster as a route-based cluster. Configure Private Google Access on the
- DCreate a Compute Engine instance, and install a NAT Proxy on the instance. Configure all
Explanation
A Cloud NAT gateway can perform NAT for nodes and Pods in a private cluster, which is a type of VPC- native cluster. The Cloud NAT gateway must be configured to apply to at least the following subnet IP address ranges for the subnet that your cluster uses: Subnet primary IP address range (used by nodes) Subnet secondary IP address range used for Pods in the cluster Subnet secondary IP address range used for Services in the cluster The simplest way to provide NAT for an entire private cluster is to configure a Cloud NAT gateway to apply to all of the cluster's subnet's IP address https://cloud.google.com/nat/docs/overview
Community Discussion
No community discussion yet for this question.