I'd say D makes sense here. If you assign an external IP to the Cloud Run service, it should be able to connect out to external resources like an on-prem database, assuming firewall rules allow it. I remember seeing a similar setup in a practice set, so I think D works, but open to other ideas if I'm missing a detail.
A large enterprise is migrating all its production workloads to Google Cloud. The security team insists that all outbound internet traffic from the VPC network be inspected by their proprietary, on-premises Intrusion Detection System (IDS) before leaving the Google network. What networking feature must be implemented?
Seen this kind of scenario in the official guide and practice sets. You need a custom static route to force all outbound traffic through on-prem systems for IDS inspection. If I missed something, open to hearing other takes.
Saw an almost identical scenario in a practice set, and the answer was Anthos since it can centralize config and policy for both GKE and EKS. Pretty sure that's what they're after here, but open to other views if someone thinks A makes more sense.
Had something like this in a mock and picked A. Moving all workloads to GKE Standard seemed like it would fix policy headaches since everything would be on one platform, but now I wonder if that's really the best for mixed environments. Anyone else think A could work?
I was thinking A here. Migrating everything to GKE seems like it would clean up the multi-cloud mess and make it way easier to manage policy since there's only one platform to worry about. Maybe I'm missing something, but feels like a straightforward fix.
Cloud Filestore (Enterprise or High Scale)
This is the only one that's fully managed and actually supports NFS directly, which is what legacy apps expect. Cloud Storage looks close, but it's object storage, not NFS, so it won't work out of the box for this use case. Pretty sure that's the logic Google wants here, but if anyone sees a catch, let me know.