Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
You are planning to establish a Google Kubernetes Engine (GKE) cluster, which mandates verifiable node identity and integrity. Additionally, the cluster's nodes must remain inaccessible from the public internet. To ensure your approach aligns with Google-recommended practices while minimizing the operational costs associated with managing the cluster, what steps should you take?
You are planning to establish a Google Kubernetes Engine (GKE) cluster, which mandates verifiable node identity and integrity. Additionally, the cluster's nodes must remain inaccessible from the public internet. To ensure your approach aligns with Google-recommended practices while minimizing the operational costs associated with managing the cluster, what steps should you take?
Explanation:
Deploying a private autopilot cluster is the correct choice. In a private cluster, nodes only have internal IP addresses, making them inaccessible from the internet by default. Autopilot clusters in GKE have shielded nodes enabled by default, providing verifiable node identity and integrity, which strengthens security. Furthermore, using the autopilot mode reduces the operational cost as it automates management tasks, adhering to Google-recommended practices. Hence, Option A is the best fit.