Learn the best approach for deploying a stateless web application on Google Cloud with internal access, frequent updates, and minimal infrastructure management.
Table of Contents
Question
You need to deploy a single stateless web application with a web interface and multiple endpoints. For security reasons, the web application must be reachable from an internal IP address from your company’s private VPC and on-premises network. You also need to update the web application multiple times per day with minimal effort and want to manage a minimal amount of cloud infrastructure. What should you do?
A. Deploy the web application on Google Kubernetes Engine standard edition with an internal ingress.
B. Deploy the web application on Cloud Run with Private Google Access configured.
C. Deploy the web application on Cloud Run with Private Service Connect configured.
D. Deploy the web application to GKE Autopilot with Private Google Access configured.
Answer
C. Deploy the web application on Cloud Run with Private Service Connect configured.
Explanation
Let’s break down why this is the best solution and why the other options are not as suitable:
C. Deploy the web application on Cloud Run with Private Service Connect configured:
This is the optimal solution because:
- Cloud Run is a fully managed serverless platform, which means minimal infrastructure management.
- It supports stateless web applications with multiple endpoints.
- Cloud Run allows for easy and frequent updates multiple times per day.
- Private Service Connect enables internal access from your company’s VPC and on-premises network, meeting the security requirements.
Why the other options are less suitable:
A. Deploy the web application on Google Kubernetes Engine standard edition with an internal ingress:
While this could work, it requires more infrastructure management compared to Cloud Run. GKE standard edition is not as serverless as Cloud Run, which goes against the requirement of managing minimal cloud infrastructure.
B. Deploy the web application on Cloud Run with Private Google Access configured:
Private Google Access is used for allowing VMs without external IP addresses to access Google APIs and services. It doesn’t provide the internal accessibility required for this scenario. Private Service Connect is more appropriate for this use case.
D. Deploy the web application to GKE Autopilot with Private Google Access configured:
GKE Autopilot does provide more automation than standard GKE, but it still requires more management than Cloud Run. Additionally, as with option B, Private Google Access doesn’t provide the necessary internal accessibility.
In conclusion, Cloud Run with Private Service Connect (option C) offers the best combination of serverless deployment, easy updates, minimal infrastructure management, and secure internal access, making it the ideal choice for this scenario.
Google Associate Cloud Engineer certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Google Associate Cloud Engineer exam and earn Google Associate Cloud Engineer certification.