Site icon Exam4Training

How should you create the GKE cluster?

You need to create a GKE cluster in an existing VPC that is accessible from on-premises.

You must meet the following requirements:

✑ IP ranges for pods and services must be as small as possible.

✑ The nodes and the master must not be reachable from the internet.

✑ You must be able to use kubectl commands from on-premises subnets to manage the cluster.

How should you create the GKE cluster?
A . • Create a private cluster that uses VPC advanced routes.
• Set the pod and service ranges as /24.
• Set up a network proxy to access the master.
B. • Create a VPC-native GKE cluster using GKE-managed IP ranges.
• Set the pod IP range as /21 and service IP range as /24.
• Set up a network proxy to access the master.
C. • Create a VPC-native GKE cluster using user-managed IP ranges.
• Enable a GKE cluster network policy, set the pod and service ranges as /24.
• Set up a network proxy to access the master.
• Enable master authorized networks.
D. • Create a VPC-native GKE cluster using user-managed IP ranges.
• Enable privateEndpoint on the cluster master.
• Set the pod and service ranges as /24.
• Set up a network proxy to access the master.
• Enable master authorized networks.

Answer: D

Explanation:

Creating GKE private clusters with network proxies for controller access When you create a GKE private cluster with a private cluster controller endpoint, the cluster’s controller node is inaccessible from the public internet, but it needs to be accessible for administration. By default, clusters can access the controller through its private endpoint, and authorized networks can be defined within the VPC network. To access the controller from on-premises or another VPC network, however, requires additional steps. This is because the VPC network that hosts the controller is owned by Google and cannot be accessed from resources connected through another VPC network peering connection, Cloud VPN or Cloud Interconnect. https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies

Exit mobile version