Explanation:
The issue is that on-premises developers cannot resolve the Artifact Registry hostname due to DNS resolution failures. Since there's no custom DNS configuration on-premises and no direct internet route, the on-premises DNS servers lack the necessary records for Google's private APIs. Option A correctly identifies that creating DNS records for restricted.googleapis.com or private.googleapis.com pointing to Google's published IP ranges will resolve the hostname resolution issue. The community discussion shows 100% consensus on answer A with multiple upvoted comments supporting this solution. Option B is incorrect as IAM roles don't affect DNS resolution. Option C is not applicable since Private Google Access is for VMs within Google Cloud, not on-premises networks. Option D is incorrect as firewall rules for HTTP/HTTPS access won't resolve DNS resolution problems.
Ultimate access to all questions.
Your organization operates a hybrid environment connected via Cloud VPN or Interconnect. On-premises developers cannot resolve the Artifact Registry hostname to push or pull artifacts. There is no custom DNS on-premises and no direct internet route. What is the likely cause and how do you resolve it?
A
On-premises DNS servers lack the necessary records to resolve private Google API domains. Create DNS records for restricted.googleapis.com or private.googleapis.com pointing to Google's published IP ranges.
B
Developers must be granted the artifactregistry.writer IAM role. Grant the relevant developer group this role.
C
Private Google Access is not enabled for the subnet hosting the Artifact Registry. Enable Private Google Access for the appropriate subnet.
D
Artifact Registry requires external HTTP/HTTPS access. Create a new firewall rule allowing ingress traffic on ports 80 and 443 from the developer's IP ranges.
No comments yet.