Topic 1 Question 60
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce-network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?
- A. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend. 2. Set the service's externalTrafficPolicy to Cluster. 3. Configure the Compute Engine instance to use the address of the load balancer that has been created.
- B. 1. In GKE, create a Service of type NodePort that uses the application's Pods as backend. 2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC. 3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes. 4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.
- C. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend. 2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal 3. Peer the two VPCs together. 4. Configure the Compute Engine instance to use the address of the load balancer that has been created.
- D. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend. 2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances. 3. Configure the Compute Engine instance to use the address of the load balancer that has been created.
Comments (17)
I believe it's A. It's never mentioned in the question that traffic cannot go through the Internet but it's mentioned that effort should be minimized. A requires a lot less effort than C to accomplish the same (no VPC peering, for example).
👍 53 someoneinthecloud 2020/08/01
I think C is the better solution: solution A passes traffic through the public internet, while C goes by the internal network, and the "no overlapping IPs" in the statement suggests that.
👍 43 juancambb 2020/05/17
- Selected answer: A
A is correct. Option A is the best solution to minimize effort. In GKE, creating a Service of type LoadBalancer that uses the application's Pods as backend and setting the service's externalTrafficPolicy to Cluster will expose the TCP endpoint of the application with a public IP address. Then, configuring the Compute Engine instance to use the address of the load balancer that has been created will allow it to connect to the application on GKE. Option B requires creating a separate instance as a proxy and using iptables to forward traffic, which adds unnecessary complexity. Option C involves peering the two VPCs together, which may not be desirable or feasible in all cases. Option D adds additional complexity by adding a Cloud Armor Security Policy to the load balancer.
👍 3 Bobbybash 2023/02/12
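The Service definitions that options A and C describe, side by side, as an added example that is not part of the original question or comments. It shows that the single annotation decides whether the TCP endpoint gets a public or an internal address; the Service names, the `app: tcp-app` selector and port 9000 are assumed placeholders.

```yaml
# Option A: external load balancer.
# With no load-balancer-type annotation, GKE provisions an external
# passthrough Network Load Balancer, so the endpoint gets a public IP
# and the Compute Engine instance reaches it over that address.
apiVersion: v1
kind: Service
metadata:
  name: tcp-app-external        # hypothetical name
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    app: tcp-app                # assumed Pod label
  ports:
    - name: tcp
      protocol: TCP
      port: 9000                # assumed application port
      targetPort: 9000
---
# Option C: internal load balancer.
# The annotation from the question makes GKE allocate the load balancer
# address from the cluster's VPC subnet instead of a public range.
# Newer GKE versions document the same setting under the key
# networking.gke.io/load-balancer-type.
# The instance in gce-network can reach this address only once the two
# VPCs are peered; the peering is configured outside this manifest.
apiVersion: v1
kind: Service
metadata:
  name: tcp-app-internal        # hypothetical name
  annotations:
    cloud.google.com/load-balancer-type: "Internal"
spec:
  type: LoadBalancer
  selector:
    app: tcp-app                # assumed Pod label
  ports:
    - name: tcp
      protocol: TCP
      port: 9000                # assumed application port
      targetPort: 9000
```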