Google Cloud Professional Cloud DevOps Engineer — Question 53
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE). Each team manages a different application. You need to create the development and production environments for each team, while minimizing costs. Different teams should not be able to access other teams' environments.
What should you do?
Answer options
- A. Create one GCP Project per team. In each project, create a cluster for Development and one for Production. Grant the teams IAM access to their respective clusters.
- B. Create one GCP Project per team. In each project, create a cluster with a Kubernetes namespace for Development and one for Production. Grant the teams IAM access to their respective clusters.
- C. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Identity-Aware Proxy so that each team can only access its own namespace.
- D. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Kubernetes Role-based access control (RBAC) so that each team can only access its own namespace.
Correct answer: D
Explanation
The correct answer is D because it gives each team its own Kubernetes namespace and uses Role-based access control (RBAC) to restrict each team to that namespace, thereby maintaining security and separation. Sharing one Development and one Production cluster across all teams also keeps the number of clusters, and so the cost, lower than creating clusters per team. Option A does not utilize namespaces, increasing the risk of cross-access. Option B also lacks RBAC, which is crucial for enforcing access controls. Option C uses Identity-Aware Proxy, which is not necessary for this scenario, as RBAC provides a more straightforward solution for namespace access control.