Answer-first summary for fast verification
Answer: Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --disable-default-snat, --enable-ip-alias, and --enable-private-nodes.
The correct approach involves using privately used public IP ranges for the GKE clusters and configuring the cluster with the necessary flags to ensure proper network behavior. The `--disable-default-snat` flag is essential to prevent SNAT for non-RFC1918 IPs, which is critical when using public IPs internally. The `--enable-ip-alias` and `--enable-private-nodes` flags are also required to enable IP aliasing and ensure nodes do not have public IPs, respectively. Option D correctly includes all these necessary configurations, making it the right choice. Options A and B are not viable due to the exhaustion of RFC 1918 address space, and Option C lacks the `--disable-default-snat` flag, which is crucial for the correct operation of the cluster with privately used public IPs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
After designing an IP address scheme using privately used public IP space for new private GKE clusters due to RFC 1918 address exhaustion, what is the Google-recommended practice to implement next?
A
Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the pods across multiple private GKE clusters.
B
Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters, Re-use the secondary address range for the services across multiple private GKE clusters.
C
Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --enable-ip-alias and --enable-private-nodes.
D
Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --disable-default-snat, --enable-ip-alias, and --enable-private-nodes.
No comments yet.