
Answer-first summary for fast verification
Answer: Create three distinct Projects, each hosting a GKE cluster for one of the environments.
Options A, B, and C are incorrect because IAM permissions cannot be managed at the VPC or subnet level. While using namespaces within a GKE cluster to separate environments is technically possible, it does not align with best practices for environment segregation. Option D is correct as the best practice for managing environments and IAM policies is at the Project level. Reference: [Google Cloud Best Practices for Enterprise Organizations](https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#project-structure).
Author: LeetQuiz Editorial Team
As a member of the DevOps team at an expanding analytics company, you're tasked with migrating Docker applications from on-premises Virtual Machines to Google Kubernetes Engine (GKE). The company operates across three environments: development, staging, and production. A critical requirement is the separation of these environments to facilitate access restriction via IAM policies. According to Google Cloud Platform (GCP) best practices, which of the following approaches would best meet this requirement?
A. Establish a single VPC within a Project, dividing it into three subnets, and deploy a GKE cluster in each subnet for the respective environments.
B. Set up three separate VPCs within a single Project, each with its own subnet, and deploy a GKE cluster in each VPC for the different environments.
C. Deploy a single GKE cluster and utilize three namespaces within it to segregate the different environments.
D. Create three distinct Projects, each hosting a GKE cluster for one of the environments.