Google Cloud Professional Cloud Network Engineer — Question 54
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
✑ IP ranges for pods and services must be as small as possible.
✑ The nodes and the master must not be reachable from the internet.
✑ You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?
Answer options
- A. • Create a private cluster that uses VPC advanced routes. • Set the pod and service ranges as /24. • Set up a network proxy to access the master.
- B. • Create a VPC-native GKE cluster using GKE-managed IP ranges. • Set the pod IP range as /21 and service IP range as /24. • Set up a network proxy to access the master.
- C. • Create a VPC-native GKE cluster using user-managed IP ranges. • Enable a GKE cluster network policy, set the pod and service ranges as /24. • Set up a network proxy to access the master. • Enable master authorized networks.
- D. • Create a VPC-native GKE cluster using user-managed IP ranges. • Enable privateEndpoint on the cluster master. • Set the pod and service ranges as /24. • Set up a network proxy to access the master. • Enable master authorized networks.
Correct answer: D
Explanation
The correct answer is D because it meets all requirements by creating a VPC-native GKE cluster with user-managed IP ranges and enabling privateEndpoint, ensuring that nodes and the master are not internet-reachable. Options A and B do not use privateEndpoint, and option C lacks the necessary private access configuration for the master.