Exam Professional Cloud Network Engineer topic 1 question 45 discussion

"D" is correct https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

In a GKE private cluster, the master is not accessible from the public internet, so you need to explicitly allow access from specific networks to the Kubernetes master. You do this by adding the IP of your instance (or the subnet it belongs to) in the "Master authorized networks" section of the GKE cluster. This will allow the instance to communicate with the master over the private network.

updated the authorized networks

D. Create the appropriate master authorized network entries to allow the instance to communicate with the master. In a Google Kubernetes Engine (GKE) private cluster, the master is not directly accessible from the public internet. Instead, communication with the master is restricted to specific IP addresses defined in the master authorized network. To resolve the issue of the master not responding, you should ensure that the instance's IP address is included in the master authorized network entries. Option D, creating the appropriate master authorized network entries, allows you to specify which IP addresses are allowed to connect to the GKE master. By including the IP address of the instance in these entries, you enable communication between the instance and the GKE master, resolving the problem.

C is the ans as the other options r not appropriate

When you create a private cluster in Google Kubernetes Engine, the master nodes are not accessible from the public internet. To access the master nodes, you need to create one or more master authorized networks. These networks can be the VPC networks that the worker nodes are using or a different VPC network. To solve the problem of the non-responsive master node, you should create the appropriate master authorized network entries to allow the instance to communicate to the master. This will enable the instance to reach the master node and retrieve the status of the pods using kubectl. Options A, B, and C are not correct because assigning a public IP address to the instance, creating a route to reach the master, or creating a firewall policy in the VPC would not enable the instance to communicate with the master node in a private cluster.

D: Private clusters run nodes that only have internal IP addresses and—similar to authorized networks—do not allow untrusted IP addresses from outside Google Cloud to access the control plane endpoint. Using authorized *** networks in private clusters makes your control plane reachable only by the following: • Addresses inside Google Cloud, such as Compute Engine virtual machines (VMs) Adding authorized networks can provide additional security benefits for your cluster. Authorized networks grant access to a specific set of addresses that you designate, such as those that originate from your environment. This can help protect access to your cluster in the case of a vulnerability in the cluster's authentication or authorization mechanisms.

When private cluster is activated, you can only access the master through dedicated IP ranges https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

Answer is : D

Answer is D. Private clusters run nodes that only have internal IP addresses, and do not allow public IPs over the internet to access the control plane endpoint. Additionally, private clusters do not allow Google Cloud IP addresses to access the control plane endpoint by default. Using authorized networks in private clusters makes your control plane reachable only by allowed CIDRs, by nodes and Pods within your cluster's VPC, and by Google's internal production jobs that manage your control plane. https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

I will go with `D`. But this question is not very good. There are private cluster, public endpoint; private cluster, private endpoint. I believe they intened to ask for private cluster, private endpoint. If that is the case, then D for sure.

I will go with `D`. But this question is not very good. There are private cluster, public endpoint; private cluster, private endpoint. I believe they intened to ask for private cluster, private endpoint. If that is the case, then D for sure.

D 100% If you disable public endpoint access, then you must configure authorized networks for the private endpoint. If you don't do this, you can only connect to the private endpoint from cluster nodes or VMs in the same subnet as the cluster https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept#overview

D is the one

ans- D

Ans - D

D is correct answer here.