Exam Professional Cloud Network Engineer topic 1 question 68 discussion

Actual exam question from Google's Professional Cloud Network Engineer

Question #: 68
Topic #: 1

[All Professional Cloud Network Engineer Questions]

You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
✑ IP ranges for pods and services must be as small as possible.
✑ The nodes and the master must not be reachable from the internet.
✑ You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?

A. "¢ Create a private cluster that uses VPC advanced routes. "¢ Set the pod and service ranges as /24. "¢ Set up a network proxy to access the master.
B. "¢ Create a VPC-native GKE cluster using GKE-managed IP ranges. "¢ Set the pod IP range as /21 and service IP range as /24. "¢ Set up a network proxy to access the master.
C. "¢ Create a VPC-native GKE cluster using user-managed IP ranges. "¢ Enable a GKE cluster network policy, set the pod and service ranges as /24. "¢ Set up a network proxy to access the master. "¢ Enable master authorized networks.
D. "¢ Create a VPC-native GKE cluster using user-managed IP ranges. "¢ Enable privateEndpoint on the cluster master. "¢ Set the pod and service ranges as /24. "¢ Set up a network proxy to access the master. "¢ Enable master authorized networks.

Show Suggested Answer

Suggested Answer: D 🗳️

by ESP_SAP at Nov. 3, 2020, 9:02 p.m.

Comments

Submit Cancel

ESP_SAP

Highly Voted 3 years, 7 months ago

Correct Answer is (D): Creating GKE private clusters with network proxies for controller access When you create a GKE private cluster with a private cluster controller endpoint, the cluster's controller node is inaccessible from the public internet, but it needs to be accessible for administration. By default, clusters can access the controller through its private endpoint, and authorized networks can be defined within the VPC network. To access the controller from on-premises or another VPC network, however, requires additional steps. This is because the VPC network that hosts the controller is owned by Google and cannot be accessed from resources connected through another VPC network peering connection, Cloud VPN or Cloud Interconnect. https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies

upvoted 22 times

AzureDP900

1 year, 6 months ago

Agree with D

upvoted 1 times

...

JohnnyBG

2 years, 10 months ago

All that document is saying is that you need to export your route to Google's VPC where the master is. Private endpoint is not required .. I would go with C on this one.

upvoted 4 times

JohnnyBG

2 years, 10 months ago

scratch that .. the peering between Google's VPC is done via a privare endpoint .. D is OK I guess

upvoted 1 times

...

lukedj87

3 years, 7 months ago

Agree with D

upvoted 1 times

...

bus_karan19

Most Recent 8 months, 1 week ago

Selected Answer: D

D is the best bet as we need enable private end point

upvoted 1 times

...

gcpengineer

9 months, 2 weeks ago

Selected Answer: A

create private cluster. A is ans

upvoted 1 times

...

aparna20

1 year, 2 months ago

Selected Answer: D

Agree with D

upvoted 2 times

...

pk349

1 year, 5 months ago

• D. Create a VPC-native GKE cluster using user-managed IP ranges. Enable privateEndpoint ******* on the cluster master. Set the pod and service ranges as /24. Set up a network proxy to access the master. Enable master authorized networks.

upvoted 1 times