Domain 2: Managing and Provisioning a Solution Infrastructure — GCP PCA Practice Question 39

How to approach this question

Understand the architecture of a GKE Private Cluster: Nodes have no public IPs, the master is in a Google VPC, they communicate via peering, and you secure the master with authorized networks.

Full Answer

In a GKE Private Cluster, the worker nodes only have internal RFC 1918 IP addresses, protecting them from inbound internet traffic. The Kubernetes control plane (master) is managed by Google and resides in a separate Google-owned VPC. GCP automatically creates a VPC Peering connection between your VPC and the Google VPC so the nodes can talk to the master. To secure access to the master API server from the outside, you configure Master Authorized Networks.

Common mistakes

Believing the master is in your VPC (D). Google manages the master in their own tenant project.

You are deploying a highly secure application to Google Kubernetes Engine (GKE). The security team mandates that the GKE cluster must be a Private Cluster. Which THREE statements are true regarding GKE Private Clusters? (Select THREE)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 3

More questions from this exam