Professional Cloud Architect Exam Questions

Professional Cloud Architect Exam - Question 150


Your team needs to create a Google Kubernetes Engine (GKE) cluster to host a newly built application that requires access to third-party services on the internet.

Your company does not allow any Compute Engine instance to have a public IP address on Google Cloud. You need to create a deployment strategy that adheres to these guidelines. What should you do?

Correct Answer: A

To adhere to the company's policy of not allowing any Compute Engine instance to have a public IP address while still allowing the GKE cluster to access third-party services on the internet, the best approach is to configure the GKE cluster as a private cluster and set up a Cloud NAT Gateway for the cluster subnet. Cloud NAT enables private instances to access the internet while keeping their private IP addresses, thereby complying with the internal policy and meeting the requirement of accessing external services.
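The policy and the egress path described above can be audited together. The following is an added example, not part of the original page: it checks constructed sample data, shaped like Compute Engine API output (`networkInterfaces[].accessConfigs` on instances, `nats[]` on Cloud Routers), for nodes that carry an external IP or sit in a subnet no Cloud NAT gateway serves. It assumes a single VPC network and region; every instance, subnet and router name is made up.

```python
import json

# Constructed sample data shaped like Compute Engine API resources.
# All names and the 203.0.113.10 address are made up for this example.
INSTANCES = json.loads("""[
  {"name": "gke-node-1", "networkInterfaces": [
    {"subnetwork": "regions/us-central1/subnetworks/gke-subnet"}]},
  {"name": "gke-node-2", "networkInterfaces": [
    {"subnetwork": "regions/us-central1/subnetworks/gke-subnet",
     "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}]}]},
  {"name": "batch-1", "networkInterfaces": [
    {"subnetwork": "regions/us-central1/subnetworks/batch-subnet"}]}
]""")
ROUTERS = json.loads("""[
  {"name": "nat-router", "nats": [
    {"name": "gke-nat",
     "sourceSubnetworkIpRangesToNat": "LIST_OF_SUBNETWORKS",
     "subnetworks": [{"name": "regions/us-central1/subnetworks/gke-subnet"}]}]}
]""")

# The PRIMARY-only mode covers node IPs but not GKE pod alias ranges.
ALL_MODES = ("ALL_SUBNETWORKS_ALL_IP_RANGES",
             "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES")

def nat_coverage(routers):
    """Return (covers_all_subnets, explicitly_listed_subnets)."""
    covers_all, listed = False, set()
    for router in routers:
        for nat in router.get("nats", []):
            mode = nat.get("sourceSubnetworkIpRangesToNat")
            if mode in ALL_MODES:
                covers_all = True
            elif mode == "LIST_OF_SUBNETWORKS":
                listed.update(s["name"] for s in nat.get("subnetworks", []))
    return covers_all, listed

def audit(instances, routers):
    """Flag NICs that break the no-public-IP policy or lack a NAT path."""
    covers_all, listed = nat_coverage(routers)
    findings = []
    for inst in instances:
        for nic in inst.get("networkInterfaces", []):
            if nic.get("accessConfigs"):      # any access config = external IP
                findings.append((inst["name"], "EXTERNAL_IP"))
            elif not covers_all and nic.get("subnetwork") not in listed:
                findings.append((inst["name"], "NO_NAT_EGRESS"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(INSTANCES, ROUTERS):
        print(f"{name}: {issue}")
```

Real input can be exported with `gcloud compute instances list --format=json` and `gcloud compute routers list --format=json`; there the `subnetwork` and `name` fields are full resource URLs, which the equality match handles the same way.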

Discussion

17 comments
ACE_ASPIRE (Option: A)
Sep 11, 2021

Cloud NAT is the correct answer

RitwickKumar (Option: A)
Aug 20, 2022

** Admins: More than 60% of the answers you have selected are wrong. Please correct them ASAP. I must appreciate the community here for taking out time to share their perspective and help fellow learners. "B" can never be an answer here, as Private Google Access enables internal access to Google APIs only, whereas in the question the ask is "access to third-party services on the internet".

jlambdan
Apr 3, 2023

This is most likely on purpose. Otherwise Google will do something in order for the exam dump to be shut down.

ArtistS
Nov 16, 2023

If they provide the correct answer, you will never see this website any more

Sephethus
Jun 19, 2024

True, but then if it were shut down literally nobody could pass this ridiculous test where half the questions are so badly worded and confusing with debatable options.

examch (Option: A)
Jan 7, 2023

A is the correct answer.

Granting private nodes outbound internet access: To provide outbound internet access for your private nodes, such as to pull images from an external registry, use Cloud NAT to create and configure a Cloud Router. Cloud NAT lets private clusters establish outbound connections over the internet to send and receive packets. The Cloud Router allows all your nodes in the region to use Cloud NAT for all primary and alias IP ranges. It also automatically allocates the external IP addresses for the NAT gateway. For instructions to create and configure a Cloud Router, refer to Create a Cloud NAT configuration using Cloud Router in the Cloud NAT documentation.

https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#private-nodes-outbound

surajkrishnamurthy (Option: A)
Dec 15, 2022

A is the correct answer

r1ck (Option: B)
Feb 19, 2023

Answer should be "B": https://cloud.google.com/vpc/docs/private-access-options

dbsmk (Option: A)
Apr 5, 2023

A. https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#workloads_on_private_clusters_unable_to_access_internet

RaviRS (Option: A)
Sep 7, 2023

I am not sure who's writing these answers. Private Google Access is useful for allowing Google Cloud resources, including GKE clusters, to access Google services without public IPs, but it doesn't provide access to third-party services on the internet.

JC0926 (Option: B)
Mar 23, 2023

Private Google Access allows resources in a VPC network to access Google Cloud services without an external IP address. By configuring the GKE cluster as a private cluster, the nodes and services inside the cluster will not have a public IP address, and only resources within the VPC network will be able to communicate with them. With Private Google Access enabled, the GKE cluster can access third-party services on the internet via Google APIs and services without requiring a public IP address. Therefore, the correct option is: B. Configure the GKE cluster as a private cluster. Configure Private Google Access on the Virtual Private Cloud (VPC).

DS2023 (Option: A)
May 29, 2023

Selected Answer: A. Cloud NAT allows the resources in private subnet to access the internet—for updates, patching, config management, and more—in a controlled and efficient manner.

DS2023 (Option: A)
May 29, 2023

Cloud NAT allows the resources in private subnet to access the internet—for updates, patching, config management, and more—in a controlled and efficient manner.

LaxmanTiwari
Jun 2, 2023

Yeah, agree as GKE admin.

GoReplyGCPExam (Option: A)
Jun 27, 2023

Cloud NAT A

tamj123 (Option: A)
Oct 19, 2023

Go for Cloud NAT

6b13108 (Option: A)
Nov 30, 2023

B is only part of the solution, but it needs Cloud NAT to get access to third-party services on the internet, so the correct answer is A. See doc: https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept

techtitan (Option: A)
Dec 1, 2023

Needs NAT to connect to 3rd party apps

didek1986 (Option: A)
Jan 19, 2024

It is A

kahinah (Option: A)
Mar 10, 2024

Cloud NAT to access the internet

19040e5 (Option: A)
May 20, 2024

Cloud NAT, Private Service Connect is for Google API Access.