PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #29: Real Exam Question with Answer & Explanation

Question

Your company is developing applications that are deployed on Google Kubernetes Engine (GKE). Each team manages a different application. You need to create the development and production environments for each team, while minimizing costs. Different teams should not be able to access other teams' environments. What should you do?

Options

• ACreate one GCP Project per team. In each project, create a cluster for Development and one for
• BCreate one GCP Project per team. In each project, create a cluster with a Kubernetes namespace
• CCreate a Development and a Production GKE cluster in separate projects. In each cluster, create
• DCreate a Development and a Production GKE cluster in separate projects. In each cluster, create

Explanation

The goals are: team isolation, separate dev/prod environments, and cost minimization. Creating one GKE cluster per environment (dev and prod) in separate GCP projects provides strong isolation at both the project level (IAM, billing, network) and the environment level. Within each cluster, Kubernetes namespaces with RBAC (Role-Based Access Control) provide team-level isolation, preventing cross-team access without the cost of running a separate cluster per team. Option A (one project per team, two clusters per team) multiplies cluster costs significantly. Option B (one project per team, shared cluster) does not properly separate dev from prod. Option C may lack the RBAC enforcement needed for team isolation within the cluster. Option D combines project-level environment separation with namespace-level team isolation - achieving both strong access control and cost efficiency.

No community discussion yet for this question.