Google Cloud Professional Cloud Network Engineer — Question 152
You are designing an IP address scheme for new private Google Kubernetes Engine (GKE) clusters. Due to IP address exhaustion of the RFC 1918 address space in your enterprise, you plan to use privately used public IP space for the new clusters. You want to follow Google-recommended practices. What should you do after designing your IP scheme?
Answer options
- A. Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the pods across multiple private GKE clusters.
- B. Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the services across multiple private GKE clusters.
- C. Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --enable-ip-alias and --enable-private-nodes.
- D. Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --disable-default-snat, --enable-ip-alias, and --enable-private-nodes.
Correct answer: D
Explanation
The correct answer is D because it specifies the settings needed to create a private GKE cluster that uses privately used public IP ranges while enabling IP aliasing and private nodes, which aligns with best practices. Options A and B incorrectly use RFC 1918 IP ranges instead of privately used public IP space, and they also misallocate secondary address ranges. Option C, while close, lacks the --disable-default-snat option, which is crucial for the intended configuration.