GCP Professional Cloud Architect Practice Question
Your organization operates dozens of Google Kubernetes Engine (GKE) clusters across more than 20 projects. Security policy mandates that every new cluster must enable Workload Identity and include a standard set of node labels. At present, platform teams provision clusters by invoking gcloud commands from their laptops, and periodic audits continue to uncover configuration drift among environments. You need a repeatable, automated way that enforces the required settings while still allowing application teams to request new clusters through code review. Which strategy best satisfies these goals?
Provide each team with a Google Cloud Deployment Manager template to copy, letting them edit the YAML to suit their needs before running gcloud deployment-manager deployments create.
Publish a centrally maintained Terraform module that encodes the required GKE settings and trigger Cloud Build to run terraform plan and apply after every approved change request.
Have teams create clusters manually in the Cloud console following a documented runbook, and rely on scheduled Forseti scans to identify and remediate any drift.
Distribute a Bash script that wraps gcloud container clusters create with the required flags and instruct teams to run it from their local machines whenever a new cluster is needed.
Publishing a vetted Terraform module that codifies the approved GKE cluster configuration turns the platform requirements, such as Workload Identity and mandatory node labels, into version-controlled, reviewable code. When teams need a new cluster, they reference the shared module, submit a pull request, and a Cloud Build trigger runs terraform plan for review and terraform apply only after approval. Because both the desired state and the deployment workflow are expressed as code, the approach eliminates manual variation, supports peer review, and provides an auditable history of all changes.
By contrast, a Bash wrapper script that relies on local execution remains susceptible to human error and inconsistent versions. Copy-and-modify Deployment Manager templates perpetuate drift and depend on a service that has been slated for deprecation. Creating clusters manually in the Cloud console and relying on periodic drift detection is reactive and does not prevent misconfigurations up front.
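The plan step described above can also fail the build when a cluster bypasses the shared module. The following is an added example, not part of the original question or of any Google tooling: a check over the JSON form of a Terraform plan that flags clusters missing Workload Identity or the required node labels. The label keys, resource addresses and sample plan are constructed assumptions, since the page does not name the standard label set.

```python
import json
import sys

# Assumption: placeholder label keys; the page does not name the standard set.
REQUIRED_NODE_LABELS = {"team", "env"}

def _block(value):
    """Plan JSON renders nested blocks as lists; return the first one or {}."""
    if isinstance(value, list):
        return value[0] if value else {}
    return value or {}

def check_plan(plan):
    """Return violations for GKE clusters the plan would create or update."""
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "google_container_cluster":
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops introduce no new configuration
        after = change.get("after") or {}
        if not _block(after.get("workload_identity_config")).get("workload_pool"):
            violations.append(f"{rc['address']}: Workload Identity not enabled")
        labels = _block(after.get("node_config")).get("labels") or {}
        missing = sorted(REQUIRED_NODE_LABELS - set(labels))
        if missing:
            violations.append(f"{rc['address']}: missing node labels {missing}")
    return violations

# Constructed sample shaped like `terraform show -json` output, not real data.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.gke.google_container_cluster.this",
     "type": "google_container_cluster",
     "change": {"actions": ["create"], "after": {
         "workload_identity_config": [{"workload_pool": "example-proj.svc.id.goog"}],
         "node_config": [{"labels": {"team": "payments", "env": "prod"}}]}}},
    {"address": "google_container_cluster.adhoc",
     "type": "google_container_cluster",
     "change": {"actions": ["create"], "after": {
         "workload_identity_config": [],
         "node_config": [{"labels": {"env": "dev"}}]}}},
]}

if __name__ == "__main__":
    # Usage in a build step: terraform show -json tfplan > plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = check_plan(plan)
    print("\n".join(problems) or "plan complies")
    sys.exit(1 if problems else 0)
```

Values that are only known after apply are omitted from the plan's `after` object and are therefore reported as violations, so the module should set these attributes from inputs known at plan time. Node pools declared as separate resources are outside what this check covers.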
GCP Professional Cloud Architect
Ensuring solution and operations excellence