
Google Professional Cloud DevOps Engineer
Your team manages three Google Kubernetes Engine (GKE) environments: development, staging, and production, with GitHub repositories as the source of truth. To maintain consistency across these environments, you need to enforce network policies and deploy a logging DaemonSet on all GKE clusters following Google-recommended practices. What is the recommended approach?
Explanation:
The goal is to ensure consistency across development, staging, and production GKE environments by enforcing and installing network policies and a logging DaemonSet, with GitHub as the source of truth. Google-recommended practices emphasize GitOps for configuration management, which involves syncing configurations directly from Git to clusters to maintain desired state and automatically correct drift.
- Option A uses Google Cloud Deploy for deployment and Cloud Monitoring for alerting on drift. However, Cloud Deploy is designed for continuous delivery of applications, not for syncing infrastructure configurations like policies and DaemonSets. Relying on alerts for drift correction is reactive and manual, whereas GitOps tools like Config Sync provide automatic drift correction.
- Option B uses Google Cloud Deploy for the DaemonSet and Policy Controller for network policies, with Cloud Monitoring and Cloud Functions for drift correction. Policy Controller is suitable for enforcing policies but does not handle deployment or syncing from Git. Using Cloud Functions for correction adds unnecessary complexity; GitOps tools like Config Sync automate this natively.
- Option C uses Cloud Build for rendering and deploying the resources initially, then sets up Config Sync to continuously sync configurations from Git. Config Sync (part of Anthos Config Management) is a Google-recommended GitOps tool that ensures configurations are applied consistently across all clusters, detects and corrects drift automatically, and integrates directly with GitHub. This approach aligns with best practices for infrastructure as code and environment consistency.
- Option D uses Cloud Build for deployment and Policy Controller for enforcement. Policy Controller enforces policies (e.g., for network policies) but does not sync configurations from Git or handle deployment of resources like the DaemonSet. This could lead to inconsistencies if the source changes, as there's no continuous syncing mechanism.
Option C is the best choice because Config Sync provides end-to-end GitOps for syncing and enforcing the desired state from GitHub, ensuring consistency without manual intervention. Cloud Build can be used for CI tasks like rendering, but Config Sync handles the core syncing functionality.