GCP Professional Cloud Architect Practice Question
Your company has a 2-Gbps Dedicated Interconnect and Cloud Router providing private connectivity between its on-premises data center and a Google Cloud VPC. A new micro-services platform will run on Google Kubernetes Engine and must allow on-premises applications to initiate TCP sessions directly to individual Pods in the cluster over their internal IP addresses. The platform team must also be able to grow the cluster to 5,000 nodes without running into VPC custom route-table limits or adding per-node routes. Which GKE networking design should you recommend?
Create a VPC-native GKE cluster but enable IP-masquerade for all destinations so Pods use their node's primary IP when talking to on-premises systems.
Create a routes-based GKE cluster and add a static custom route in the VPC for each node's PodCIDR so on-premises networks can reach the Pods directly.
Create a VPC-native GKE cluster that uses secondary IP ranges for Pods and Services, and configure Cloud Router to export those secondary ranges over the Interconnect.
Create a routes-based GKE cluster and expose every service through an internal TCP/UDP load balancer whose VIPs are advertised to on-premises by Cloud Router.
A VPC-native GKE cluster allocates Pod and Service IPs from secondary IP ranges (alias IP ranges) that belong to the VPC subnet. Because the Pods receive IPs from the VPC, they are natively routable inside the VPC and across hybrid connections when those secondary ranges are exported by Cloud Router. No per-node routes are created, so the design scales to thousands of nodes without exhausting the VPC route quota. A routes-based cluster adds one custom route for every node (or Pod CIDR) and would quickly exhaust route-table limits, while relying on NodePorts or Cloud NAT would hide Pod IPs from the data-center, violating the direct-reachability requirement. Therefore, creating a VPC-native (alias IP) cluster and advertising its secondary ranges is the only option that satisfies both reachability and scalability constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VPC-native GKE cluster?
Open an interactive chat with Bash
What are secondary IP ranges and how are they used in GKE?
Open an interactive chat with Bash
What is a Cloud Router and how does it help with hybrid connectivity?
Open an interactive chat with Bash
What does VPC-native mean in the context of GKE?
Open an interactive chat with Bash
What are secondary IP ranges?
Open an interactive chat with Bash
What role does Cloud Router play in hybrid connectivity?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Managing and provisioning a solution infrastructure
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .