Free Google Cloud Architect Actual Exam Questions - Question 10 Discussion
remain private (no external IP address) but needs to download security patches
from the internet. What is the minimum networking component required to enable
this outbound traffic?
Since the VM has no external IP, it can’t directly access the internet. That rules out options without NAT. So, would enabling Private Google Access (C) alone let it reach external patch servers? Seems unlikely.
It’s B for me. The Horizontal Pod Autoscaler will handle scaling the pods based on load, and cluster autoscaling keeps the nodes in check. Using a Service of type LoadBalancer simplifies HTTPS traffic because GKE provisions a cloud load balancer with SSL termination out of the box, so you don’t have to set up Ingress and worry about extra components. A is good but depends on having an Ingress controller properly configured, which might not be guaranteed. B is straightforward and covers autoscaling plus SSL load balancing more directly.
Good point about HTTPS management. I’d pick A since Horizontal Pod Autoscaler handles pod scaling and cluster autoscaling manages node count, plus Ingress is designed for HTTPS load balancing on GKE. A
D imo, scaling the instance group doesn't directly manage pod scaling in GKE, so it's less flexible. Using a LoadBalancer service without pod-level autoscaling seems limiting for automatic scaling needs.
What about B though? LoadBalancer service also supports HTTPS with managed certs now.
A/B? I get that B uses a LoadBalancer service which can handle HTTPS directly, but that typically means managing TLS certs on each pod or service level, which gets messy. A’s Ingress resource usually centralizes TLS termination, making it cleaner for HTTPS. Also, cluster autoscaling with Horizontal Pod Autoscaler in both options seems right to handle scaling properly. So from a deployment best practice standpoint, A seems like the better fit.
Probably A. Ingress handles HTTPS termination better than a LoadBalancer service directly, and combining it with Horizontal Pod Autoscaler and cluster autoscaling covers scaling at both pod and node levels.
Option A makes sense because using an Ingress resource is the standard way to manage HTTPS traffic with GKE, and combining that with Horizontal Pod Autoscaler plus cluster autoscaling covers both pod and node scaling. Options C and D rely on instance group autoscaling, which isn't ideal for GKE workloads where pod autoscaling is preferred. Between A and B, B uses Service type LoadBalancer, which works but doesn't natively handle HTTPS routing like Ingress does. So A fits better for automatic HTTPS handling and scaling.
A or B? Need to know if Ingress better handles HTTPS here.