Q: 10
You have a non-critical business application running on Google Kubernetes Engine (GKE) in the
app-dev VPC. You have created an AlloyDB cluster with Private Service Access (PSA) and no public IP
address in the db-dev VPC. You want your application to securely connect to AlloyDB in a
cost-effective way. What should you do?
Options
Discussion
Option B fits since the app is non-critical and PSA already provides a secure path, so direct private IP avoids extra cost or setup. If the VPCs weren’t peered, that’d change the answer. Anybody else disagree?
Maybe B is the way for cost-effective and secure, since proxies add needless complexity here. D is kind of a trap.
Does the question state that app-dev and db-dev VPCs are already peered, or is it just assumed because of PSA? If not, how would direct private IP (B) even work without peering in place?
B, just use the private IP with PSA. No need to overengineer with proxies or VPN for a non-critical app, PSA handles security inside the VPC. Pretty sure that's what Google expects here.
It's B. Private IP access between VPCs is the most straightforward and cost-effective here unless you need extra auth or crossing different projects.
B, direct private IP with PSA is all you need in this case given the non-critical app and cost concern.
It's B, no need for proxy (C/D) because PSA already makes the private IP secure. VPN (A) is overkill here.
Nah, C's tempting but I think B is right. For non-critical apps needing simple and cheap connections, direct private IP does the trick. Auth Proxy adds unnecessary complexity here. PSA handles security already. Anybody see a downside?