Google Professional Cloud Network Engineer
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
As part of your organization's migration to GKE on Google Cloud, application teams are moving services to GKE clusters in service projects. They have successfully tested applications and configurations in sandbox projects. However, in production, GKE node creation fails—while Compute Engine instances can be created, GKE cluster creation operations do not succeed. How should you enable the teams to successfully provision GKE clusters?
A
Ensure that the service project's GKE service account has the compute.securityAdmin, container.hostServiceAgentUser and compute.networkUser IAM permissions in the host project.
B
Ensure that the service project's GKE service account has the compute.securityAdmin, container.hostserviceAgentUser and compute.networkUser IAM permissions in the service project.
C
Ensure that the service project's GKE service account has the compute.networkUser IAM permission in the service project.
D
Review the firewall rules configuration in the VPC. Identify what rule is blocking node creation.