
Answer-first summary for fast verification
Answer: Create a VPC-native GKE cluster using user-managed IP ranges. Enable privateEndpoint on the cluster master. Set the pod and service ranges as /24. Set up a network proxy to access the master. Enable master authorized networks.
The requirements are a GKE cluster in an existing VPC that is accessible from on-premises, pod and service IP ranges that are as small as possible, and nodes and a master that are not reachable from the internet. The correct approach is to create a VPC-native GKE cluster using user-managed IP ranges. Enabling privateEndpoint on the cluster master ensures the master is not reachable from the internet; setting the pod and service ranges as /24 minimizes IP range usage; a network proxy provides access to the master for kubectl commands from on-premises subnets; and enabling master authorized networks adds additional security. Option D correctly outlines these steps.
Author: LeetQuiz Editorial Team
How do you create a GKE cluster in an existing VPC that is accessible from on-premises while meeting these requirements:
What is the correct configuration for this GKE cluster?
A. Create a private cluster that uses VPC advanced routes. Set the pod and service ranges as /24. Set up a network proxy to access the master.
B. Create a VPC-native GKE cluster using GKE-managed IP ranges. Set the pod IP range as /21 and service IP range as /24. Set up a network proxy to access the master.
C. Create a VPC-native GKE cluster using user-managed IP ranges. Enable a GKE cluster network policy, set the pod and service ranges as /24. Set up a network proxy to access the master. Enable master authorized networks.
D. Create a VPC-native GKE cluster using user-managed IP ranges. Enable privateEndpoint on the cluster master. Set the pod and service ranges as /24. Set up a network proxy to access the master. Enable master authorized networks.
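One way to verify that a deployed cluster has the settings named in option D, as an added example that is not part of the original page or any Google tooling. It audits a dict shaped like the JSON from `gcloud container clusters describe --format=json`. Assumptions: the sample cluster and its values are constructed, the function name `audit_cluster` is hypothetical, and the check that authorized networks are private ranges is an added interpretation of "on-premises subnets".

```python
import ipaddress

# Constructed sample using GKE API v1 Cluster field names; values are made up.
SAMPLE_CLUSTER = {
    "name": "example-cluster",
    "ipAllocationPolicy": {
        "useIpAliases": True,
        "clusterIpv4CidrBlock": "10.8.0.0/24",
        "servicesIpv4CidrBlock": "10.8.1.0/24",
    },
    "privateClusterConfig": {"enablePrivateNodes": True, "enablePrivateEndpoint": True},
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "on-prem", "cidrBlock": "192.168.10.0/24"}],
    },
}


def audit_cluster(cluster, min_prefix=24):
    """Return a list of findings; empty means every checked setting matches option D."""
    findings = []
    ipa = cluster.get("ipAllocationPolicy", {})
    pcc = cluster.get("privateClusterConfig", {})
    man = cluster.get("masterAuthorizedNetworksConfig", {})

    if not ipa.get("useIpAliases"):
        findings.append("cluster is not VPC-native (alias IPs disabled)")
    # A numerically smaller prefix length means a larger address range.
    for key in ("clusterIpv4CidrBlock", "servicesIpv4CidrBlock"):
        cidr = ipa.get(key)
        if not cidr:
            findings.append(f"{key} missing")
        elif ipaddress.ip_network(cidr, strict=False).prefixlen < min_prefix:
            findings.append(f"{key} {cidr} is larger than /{min_prefix}")
    if not pcc.get("enablePrivateNodes"):
        findings.append("enablePrivateNodes is off: nodes may get external IPs")
    if not pcc.get("enablePrivateEndpoint"):
        findings.append("enablePrivateEndpoint is off: master has a public endpoint")
    if not man.get("enabled"):
        findings.append("master authorized networks disabled")
    # Assumption: on-premises callers arrive from private (RFC 1918) ranges.
    for block in man.get("cidrBlocks", []):
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        if not net.is_private:
            findings.append(f"authorized network {net} is not a private range")
    return findings


if __name__ == "__main__":
    print(audit_cluster(SAMPLE_CLUSTER) or "all checked settings match")
```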