
Google Professional Cloud Network Engineer
How do you create a GKE cluster in an existing VPC that is accessible from on-premises while meeting these requirements:
- Minimize IP ranges for pods and services.
- Ensure nodes and the control plane are not internet-accessible.
- Enable kubectl access from on-premises subnets for cluster management.
What is the correct configuration for this GKE cluster?
Explanation:
To meet these requirements, create a VPC-native GKE cluster using user-managed IP ranges. Enable privateEndpoint on the cluster master so that the master is not reachable from the internet, and set the pod and service ranges to /24 to keep IP range usage as small as possible. Set up a network proxy to reach the master so that kubectl commands can be run from on-premises subnets, and enable master authorized networks for additional security. Option D correctly outlines these steps.
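The following check is an added example, not part of the original question or its answer options. It audits a cluster description against the settings named in the explanation. It assumes the JSON shape returned by `gcloud container clusters describe --format=json`, that on-premises subnets use RFC 1918 addresses, and a constructed sample cluster with made-up ranges.

```python
import ipaddress

# Assumption: on-premises and proxy subnets live in RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like `gcloud container clusters describe --format=json` output.
SAMPLE_CLUSTER = {
    "ipAllocationPolicy": {"useIpAliases": True, "clusterIpv4CidrBlock": "10.8.0.0/24",
                           "servicesIpv4CidrBlock": "10.8.1.0/24"},
    "privateClusterConfig": {"enablePrivateNodes": True, "enablePrivateEndpoint": True},
    "masterAuthorizedNetworksConfig": {"enabled": True,
        "cidrBlocks": [{"displayName": "onprem-proxy", "cidrBlock": "10.10.0.0/28"}]},
}

def audit_cluster(cluster, max_prefix=24):
    """Return a list of findings; an empty list means the cluster matches the design."""
    findings = []
    ipa = cluster.get("ipAllocationPolicy", {})
    if not ipa.get("useIpAliases"):
        findings.append("cluster is not VPC-native (useIpAliases is false)")
    for field in ("clusterIpv4CidrBlock", "servicesIpv4CidrBlock"):
        cidr = ipa.get(field)
        if not cidr:
            findings.append(f"{field} is not set")
        elif ipaddress.ip_network(cidr, strict=False).prefixlen < max_prefix:
            findings.append(f"{field} {cidr} is larger than /{max_prefix}")
    priv = cluster.get("privateClusterConfig", {})
    if not priv.get("enablePrivateNodes"):
        findings.append("nodes have public IP addresses (enablePrivateNodes is false)")
    if not priv.get("enablePrivateEndpoint"):
        findings.append("control plane has a public endpoint (enablePrivateEndpoint is false)")
    man = cluster.get("masterAuthorizedNetworksConfig", {})
    if not man.get("enabled"):
        findings.append("master authorized networks is disabled")
    for block in man.get("cidrBlocks", []):
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"authorized network {block['cidrBlock']} is outside RFC 1918 space")
    return findings
```

Feed it the parsed JSON of a real cluster description to see which of the four requirements, if any, the cluster fails.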