Topic 1 Question 95
Your team deploys applications to three Google Kubernetes Engine (GKE) environments: development, staging, and production. You use GitHub repositories as your source of truth. You need to ensure that the three environments are consistent. You want to follow Google-recommended practices to enforce and install network policies and a logging DaemonSet on all the GKE clusters in those environments. What should you do?
Use Google Cloud Deploy to deploy the network policies and the DaemonSet. Use Cloud Monitoring to trigger an alert if the network policies and DaemonSet drift from your source in the repository.
Use Google Cloud Deploy to deploy the DaemonSet and use Policy Controller to configure the network policies. Use Cloud Monitoring to detect drifts from the source in the repository and Cloud Functions to correct the drifts.
Use Cloud Build to render and deploy the network policies and the DaemonSet. Set up Config Sync to sync the configurations for the three environments.
Use Cloud Build to render and deploy the network policies and the DaemonSet. Set up a Policy Controller to enforce the configurations for the three environments.
ユーザの投票
コメント(4)
Option C is not as effective as Option D because it does not enforce the network policies and DaemonSet configurations. This means that unauthorized changes could still be made to the configurations.
Config Sync is a tool that can be used to synchronize Kubernetes configurations across multiple clusters. However, it does not prevent unauthorized changes from being made to the configurations.
Policy Controller is a tool that can be used to enforce Kubernetes configurations. It does this by monitoring the Kubernetes API for changes to the configurations and automatically reverting unauthorized changes.
Therefore, Option D is a more secure and reliable option for ensuring that the network policies and DaemonSet are enforced and installed consistently across the three environments.
👍 7ManishKS2023/10/01- 正解だと思う選択肢: D
"Policy Controller can catch and enforce policy violations on those resources before they are deployed. "
https://cloud.google.com/anthos-config-management/docs/concepts/config-controller-overview
👍 1lelele20232023/11/04 - 正解だと思う選択肢: D
I would go for D as well
👍 1Andrei_Z2023/11/20
シャッフルモード