Answer-first summary for fast verification
Answer: Configure nonMasqueradeCIDRs in the ip-masq-agent ConfigMap. Include the 35.100.0.0/16 range in the list.
The correct approach involves configuring the ip-masq-agent's nonMasqueradeCIDRs to include the 35.100.0.0/16 range. This prevents the GKE nodes from applying SNAT to traffic destined for this range, thereby allowing Cloud NAT to handle the NAT as required. Option A correctly describes this action. Options B, C, and D either incorrectly remove the range from nonMasqueradeCIDRs, suggest unnecessary exclusion rules, or incorrectly imply that SNAT needs to be enabled with the same configuration, which is not the case for this scenario.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To configure access to the remote address range 35.100.0.0/16 through Cloud NAT instead of using the external IP addresses of your VPC-native GKE Standard cluster nodes (with SNAT enabled), what steps should you take?
Note: Ensure the cluster's SNAT configuration aligns with Cloud NAT requirements.
A
Configure nonMasqueradeCIDRs in the ip-masq-agent ConfigMap. Include the 35.100.0.0/16 range in the list.
B
Configure nonMasqueradeCIDRs in the ip-masq-agent ConfigMap. Remove the 35.100.0.0/16 range from the list.
C
Configure Cloud NAT and create an exclusion rule for any SNAT address translation.
D
Configure Cloud NAT with nonMasqueradeCIDRs, and enable SNAT with the same configuration to allow traffic to 35.100.0.0/16.
No comments yet.