
Answer-first summary for fast verification
Answer: Configure the GKE cluster as a private cluster, and configure Cloud NAT Gateway for the cluster subnet.
The correct answer is A. Configuring the GKE cluster as a private cluster and setting up a Cloud NAT Gateway for the cluster subnet allows your applications to access third-party services on the internet without exposing any Compute Engine instances to the public internet. Cloud NAT (Network Address Translation) enables outbound internet access for instances that do not have external IP addresses, which complies with your company's security policy. Options B and C do not meet the requirement of accessing third-party services, because Private Google Access only allows access to Google APIs and services. Option D involves creating a NAT Proxy on a Compute Engine instance, which contradicts the requirement of not using public IP addresses.
Author: LeetQuiz Editorial Team
Your team has developed a new application that needs to run on a Google Kubernetes Engine (GKE) cluster. This application requires access to third-party services on the internet. However, your company's security policy mandates that no Compute Engine instances should have a public IP address on Google Cloud. Given these restrictions, what is the appropriate deployment strategy for your GKE cluster?
A. Configure the GKE cluster as a private cluster, and configure Cloud NAT Gateway for the cluster subnet.
B. Configure the GKE cluster as a private cluster. Configure Private Google Access on the Virtual Private Cloud (VPC).
C. Configure the GKE cluster as a route-based cluster. Configure Private Google Access on the Virtual Private Cloud (VPC).
D. Create a Compute Engine instance, and install a NAT Proxy on the instance. Configure all workloads on GKE to pass through this proxy to access third-party services on the Internet.