Cloud Logging and Kubernetes Management Quiz

Questions and Answers

What should you do to minimize costs while using Cloud Logging with BigQuery?

• Create a logs export with Cloud Pub/Sub and configure a Cloud Function to filter logs.
• Filter Compute Engine logs and create a BigQuery export as a sink. (correct)
• Assign the BigQuery Data Editor role to service accounts and set the logs destination.
• Create a Cloud Function to execute a query and use Cloud Scheduler to run it daily.

Which option utilizes the fewest services when creating a DaemonSet in a Kubernetes cluster with Deployment Manager?

• Create a Compute Engine instance with a startup script to use kubectl for the DaemonSet.
• Add the cluster's API as a new Type Provider and create the DaemonSet.
• Add a metadata entry in the cluster's definition with the DaemonSet manifest. (correct)
• Use the Runtime Configurator to create a Config resource with the DaemonSet definition.

In a cloud logging context, what role should be assigned to service accounts to permit them to write logs to BigQuery?

• BigQuery Data Owner
• Cloud Logging Admin
• BigQuery Viewer
• BigQuery Data Editor (correct)

Which strategy is NOT a recommended method for log retention in Google Cloud Logging?

Setting a global retention policy for all logs. (B)

What service can be used to monitor and filter specific logs for a Kubernetes cluster?

Cloud Pub/Sub (D)

When configuring a service to run a DaemonSet, which Kubernetes object is essential?

DaemonSet (D)

What is the primary purpose of using Cloud Scheduler in a logging architecture?

To automate the triggering of log-related functions. (B)

Which service type should you create to expose an application on a public IP address using HTTPS in Google Kubernetes Engine?

Create a Service of type NodePort with Ingress to expose via Cloud Load Balancer. (A)

What is the first step to estimate costs for a Kubernetes cluster using GCP's pricing calculator?

Enter the number of nodes, average hours, and average days. (D)

Which option provides an efficient way to streamline Kubernetes resource deployment via Deployment Manager?

Combining resource metadata into a single deployment configuration. (D)

How can you improve an application's exposure to public traffic in a GKE cluster with autoscaling enabled?

Create a Service of type LoadBalancer with HTTPS configuration. (B)

What is the primary benefit of using persistent disk storage in GCP?

It allows for high IOPs and data persistence across node failures. (A)

Which approach is incorrect for configuring public access to an application in GKE?

Configure DNS to point directly to a ClusterIP service. (B)

When should you use the local SSD option in GCP?

When you require high throughput and low latency for temporary storage. (A)

What is a mistake when estimating costs for high IOPs workloads in GCP Kubernetes?

Neglecting to include GPU costs for performance scaling. (D)

Which configuration is optimal for maintaining high availability and accessibility of your application on GKE?

Deploy multiple replicas with a Service of type LoadBalancer. (B)

What is the most appropriate way to grant an auditor access to read project items without modifying them?

Select the built-in IAM project Viewer role and add the user's account to this role. (B)

How can two groups of Compute Engine instances from different GCP projects communicate?

Share the VPC from one project with the Compute Engine instances in the other project. (A)

What should you do to provide your Machine Learning team access to Nvidia Tesla P100 GPUs in a GKE cluster?

Deploy a custom GKE cluster with specialized nodes for GPU workloads. (C)

Which of the following approaches best represents a log retention strategy in a GCP environment?

Configure logs to be deleted after one year to save space. (B)

When managing billing accounts in GCP, which practice should be avoided?

Assign billing account permissions to all users in the organization. (A)

Which service type in GKE is most suitable for running long-lived applications?

Deployments (C)

In the context of IAM roles, which option is most aligned with providing minimal necessary permissions?

Create a custom role with only the necessary permissions for the task. (A)

What is essential for ensuring proper access and management of GPUs in GKE clusters for specific workloads?

Use node pools with GPUs and configure workload permissions accordingly. (D)

Flashcards

GCP Kubernetes cluster cost estimation

Estimating the cost of a Google Kubernetes Engine (GKE) cluster involves using the GCP pricing calculator, considering factors like the number of nodes, average hours and days of use, high IOPs, persistent disk storage, and snapshots.

High IOPs in Kubernetes

High Input/Output Operations Per Second (IOPs) are a demanding workload that requires faster storage in a Kubernetes environment.

Kubernetes persistent disk storage

Persistent disks store data in a Kubernetes cluster, even if the pods stop, requiring a cost assessment.

Kubernetes snapshot storage

Capturing copies of the data in persistent disks within Kubernetes for backups or recovery, affecting the cost.

Kubernetes cluster management cost

Estimating the cost associated with managing a Kubernetes cluster, including resources, security, and operations.

Exposing Kubernetes application via HTTPS

Making a cloud application accessible to the public through a secure connection (HTTPS) using a public IP address.

Kubernetes Service type NodePort

A Kubernetes service type that exposes the application on a specific port on each node within the cluster.

Kubernetes Ingress with Cloud Load Balancer

Using a Kubernetes Ingress component to manage traffic routing and a Cloud Load Balancer to distribute traffic securely to the containers.

Minimizing Cloud Logging costs with BigQuery

Filtering Compute Engine logs and exporting them to BigQuery's platform-logs dataset using Cloud Logging's export feature reduces storage costs by only storing necessary logs.

Creating a DaemonSet with Deployment Manager

Directly define the DaemonSet manifest within the Deployment Manager configuration for the Kubernetes Engine cluster, without using intermediary resources like Compute Engine instances or Runtime Configurators.

Cloud Logging export destination

BigQuery (platform-logs dataset) is the destination for exporting computed logs in Cloud Logging.

Deployment Manager and Kubernetes

Deployment Manager can manage the creation and configuration of Google Kubernetes Engine (GKE) clusters, as well as resources within the cluster, such as DaemonSets.

DaemonSet in kube-system

A DaemonSet in the kube-system namespace is designed to run on every node within a Kubernetes cluster; this involves running system-required services on every node.

Deployment Manager Runtime Configurator

Deployment Manager's Runtime Configurator is not the best choice for deploying Kubernetes resources, as it involves more steps and services than needed.

Compute Engine instance as bridge

Using a compute engine instance and a startup script with kubectl to create DaemonSets is not the most efficient approach when deploying within Kubernetes through Deployment Manager.

Direct Deployment Manager approach for DaemonSet

Metadata in Deployment Manager is a key-value pair approach, and a direct approach for defining resources, therefore it's the recommended method.

Inter-project VPC communication

Connecting Compute Engine instances in separate GCP projects, each with its own VPC, requires sharing the VPC from one project with the other project's instances.

GCP Organization for inter-project communication

To enable inter-project VPC communication, both involved projects must be part of the same GCP Organization.

Project Viewer IAM role

The built-in IAM Project Viewer role grants read-only access to all project resources, suitable for auditors.

GPU access for ML in GKE

To allow an ML team to use Nvidia Tesla P100 GPUs for training in a GKE cluster, use a node pool with GPU-enabled machine types.

GKE cluster cost

The cost of a GKE cluster depends on factors such as node type, storage, and network usage.

Custom IAM roles

You can create custom IAM roles with specific permissions to control access to GCP resources for different users or groups.

Shared VPCs

Shared VPCs allow sharing a VPC network between multiple GCP projects, facilitating communication and resource sharing.

GCP Organization benefits

A GCP Organization provides centralized management, billing, and security for multiple projects within the same organization.