HOTSPOT
-
You have an Azure subscription that contains the resource groups shown in the following table.
The subscription contains the virtual networks shown in the following table.
You plan to deploy the Azure Kubernetes Service (AKS) clusters shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
NYY VNET is created by default but we can connect to an existing VNET "you can create an AKS cluster that uses kubenet and connect to an existing virtual network subnet" "With kubenet, a route table must exist on your cluster subnet(s). AKS supports bringing your own existing subnet and route table." https://learn.microsoft.com/en-us/azure/aks/configure-kubenet
Your explanation is not clear
Agree with the answer NYY. explaination as follows 1. N subnet is not in the same location as cluster "If you want to select an existing virtual network, make sure it's in the same location and Azure subscription as your Kubernetes cluster." https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni 2. Y azure cni network in same loacation as cluster and within the total pod no. limit 3. Y "Bring your own subnet and route table with kubenet .With kubenet, a route table must exist on your cluster subnet(s). AKS supports bringing your own existing subnet and route table." https://learn.microsoft.com/en-us/azure/aks/configure-kubenet#prerequisites
When you create and use your own VNet and route table with the kubenet network plugin, you need to use a user-assigned control plane identity. For a system-assigned control plane identity, you can't retrieve the identity ID before creating a cluster, which causes a delay during role assignment. Both system-assigned and user-assigned managed identities are supported when you create and use your own VNet and route table with the Azure network plugin. We highly recommend using a user-assigned managed identity for BYO scenarios.
1. NO 2. YES It is because https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni "If you want to select an existing virtual network, make sure it's in the same location and Azure subscription as your Kubernetes cluster" 3. NO - https://learn.microsoft.com/en-us/azure/aks/configure-kubenet "By default, AKS clusters use kubenet, and an Azure virtual network and subnet are created for you."
Agree . - Kubenet is a NAT style networking allowing access to pods through translation node interfaces/VIPs and ports - CNI provides dedicated Network interfaces for Pods integrating Azure VNETs 1. NO = is CNI but Region of the VNET2 is not the same than the one of AKS1 2. YES = is CNI and VNET1 region is the same than AKS2 3. NO = uses kubenet is an internal network piece that doesn't require VNETs
You are right! Kubenet (basic) networking The kubenet networking option is the default configuration for AKS cluster creation. With kubenet: Nodes receive an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space than the nodes' Azure virtual network subnet. Network address translation (NAT) is then configured so that the pods can reach resources on the Azure virtual network. The source IP address of the traffic is translated to the node's primary IP address. https://learn.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking
3 is yes: "As a compromise, you can create an AKS cluster that uses kubenet and connect to an existing virtual network subnet. This approach lets the nodes receive defined IP addresses, without the need to reserve a large number of IP addresses up front for all of the potential pods that could run in the cluster."
Exactly in the same doc you linked: "As a compromise, you can create an AKS cluster that uses kubenet and connect to an existing virtual network subnet. This approach lets the nodes receive defined IP addresses, without the need to reserve a large number of IP addresses up front for all of the potential pods that could run in the cluster."
I thought AKS is out of scope now for AZ-104.
AKS is in the scope of AZ-104. https://learn.microsoft.com/pt-br/credentials/certifications/resources/study-guides/az-104
ChatGPT says: 1. No 2. Technically Yes 3. Yes 1. You can deploy AKS1 to VNet2? = No AKS1 is in RG1 and located in West US. VNet2 is in RG2 and located in Central US. 2. You can deploy AKS2 to VNet1? = Technically Yes AKS2 is in RG2 and located in West US. VNet1 is in RG1 and located in West US. The regions match up, as both are in West US. However, AKS and the VNet are in different resource groups. While it is technically possible to deploy an AKS cluster in one resource group and have it use a VNet in another resource group, the setup is complex and requires the VNet to be specially prepared and permissions set correctly. Answer: Technically Yes, but it's complex and not a straightforward process. 3. You can deploy AKS3 to VNet3? = Yes AKS3 is in RG3 and located in East US. VNet3 is also in RG3 and located in East US.
Should be No, Yes, Yes. 3 Yes, because Kubenet can use an existing VNET with the only requirement that it should be in the same region. See also: https://learn.microsoft.com/en-us/azure/aks/configure-kubenet: <<<snip>> As a compromise, you can create an AKS cluster that uses kubenet and connect to an existing virtual network subnet. This approach lets the nodes receive defined IP addresses, without the need to reserve a large number of IP addresses up front for all of the potential pods that could run in the cluster.<<snip>>
No Yes Yes The MS link clearly states that with kubenet you can use existing virtual network subnet https://learn.microsoft.com/en-us/azure/aks/configure-kubenet "As a compromise, you can create an AKS cluster that uses kubenet and connect to an existing virtual network subnet. This approach lets the nodes receive defined IP addresses without the need to reserve a large number of IP addresses up front for any potential pods that could run in the cluster. With kubenet, you can use a much smaller IP address range and support large clusters and application demands."
For 3,Is it necessary for VNET3 to be in the same location as AKS3?
NYN https://learn.microsoft.com/en-us/azure/aks/configure-kubenet https://learn.microsoft.com/en-us/azure/aks/configure-kubenet
No3: No, you cannot deploy AKS3 to VNet3 as it is currently configured. The subnet IP address range of VNet3 (10.3.0.0/24) is not large enough to support the deployment of AKS3 with 50 nodes. The recommended subnet size for an AKS cluster with 50 nodes is at least /19 (8192 IP addresses). To deploy AKS3 to VNet3, you would need to: Create a new subnet with a larger IP address range (e.g. /19) within VNet3. Update the network configuration of AKS3 to use the new subnet. Only then can you successfully deploy AKS3 to VNet3.
Given answer is right
Correct
1. N = "f you want to select an existing virtual network, make sure it's in the same location and Azure subscription as your Kubernetes cluster." 2. Y = same reason 3. "To provide network connectivity, AKS clusters can use kubenet (basic networking) or Azure CNI (advanced networking)." https://learn.microsoft.com/en-us/azure/aks/azure-cni-overview https://learn.microsoft.com/en-us/azure/aks/configure-kubenet#prerequisites
People who pass the exam did you study all questions here? and if yes, did you see word for word or different wording but questions from here?
NYN 3.- AKS clusters use kubenet and create an Azure virtual network and subnet for you by default. With kubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space to the Azure virtual network subnet of the nodes. Network address translation (NAT) is then configured so the pods can reach resources on the Azure virtual network. The source IP address of the traffic is NAT'd to the node's primary IP address. This approach greatly reduces the number of IP addresses you need to reserve in your network space for pods to use. https://learn.microsoft.com/en-us/azure/aks/configure-kubenet
NYN 1 and 2.- location of kubenet and vnet shoud be the same. 3.- AKS clusters use kubenet and create an Azure virtual network and subnet for you by default. With kubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space to the Azure virtual network subnet of the nodes. Network address translation (NAT) is then configured so the pods can reach resources on the Azure virtual network.
maximum nodes per node pool is 1000: https://learn.microsoft.com/en-us/azure/aks/quotas-skus-regions
NYN kubenet: It create a new vnet for cluster CNI: you can use existing or create new 1. As vnet is different Region so BIG NO 2. Yes as ypu are uing CNI 3. No, Coz kubenet will create a new vnet for cluster. if you want to text chose "kubenet" under networking while creating cluster. later you will see a new vnet in a RG separately created for AKS.