Your team manages a large Google Kubernetes Engine (GKE) cluster. Several application teams currently use the same namespace to develop microservices for the cluster. Your organization plans to onboard additional teams to create microservices. You need to configure multiple environments while ensuring the security and optimal performance of each team’s work. You want to minimize cost and follow Google-recommended best practices. What should you do?
To ensure optimal performance and security for each team's work while minimizing costs and following best practices, you should create a new namespace for each team in the existing cluster and define resource quotas. This approach allows for isolation of each team's resources and workloads, maintains security boundaries, and avoids the additional costs and management overhead associated with creating new GKE clusters for each team. Role-Based Access Controls (RBAC) can be used in conjunction with namespaces to provide fine-grained access control.
Option B is the only one which addresses the part of the question that says 'You need to configure multiple environments'
This is the correct answer as its the only one which addresses the question: "You need to configure multiple environments"
To configure more granular access to Kubernetes resources at the cluster level or within Kubernetes namespaces, you use Role-Based Access Control (RBAC). RBAC allows you to create detailed policies that define which operations and resources you allow users and service accounts to access. With RBAC, you can control access for Google Accounts, Google Cloud service accounts, and Kubernetes service accounts. T
for each team, hence need namespaces and quota
You could give the Role to user or user group.
I'd like to say A, but namespacing is too important to be left aside. I say D.
https://cloud.google.com/kubernetes-engine/docs/best-practices/rbac
security
I worried A or D. I judged these teams are creating a microservice for each function on a learge same application by the explain of "to develop microservices for the cluster" . If it's true, you don't need to separate using namespace. I think the thing you should protect is resources, for example the spanner for develop environment, the spanner for release environment and forbidden other team's the spanner access. In the case I think like that, I think this Q's answer is A.
I go with A. Because of Security, low cost and Google-recommended best practices. I hope there is no need to create additional namespaces since several application teams are already use the same namespace to develop microservices for the cluster.
B is correct
I will go with D.
D: Creating a new namespace for each team within the existing cluster and defining resource quotas is a good way to provide isolation, manage resources, and maintain security without incurring the cost of additional clusters. Rejected: A: While RBAC can help manage access control, it doesn't provide the same level of resource isolation and management as using namespaces. B: Creating a namespace for each environment doesn't account for multiple teams working in the same environment. C: Creating a new GKE cluster for each team could lead to higher costs and complexity. It's more efficient to use namespaces within a single cluster for team isolation.
key word- "optimal performance of each team’s work"
correct answer D