By default, GKE uses SNAT (Source Network Address Translation) for pod egress traffic to destinations outside the cluster's IP ranges but within the RFC 1918 private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). This means that traffic from pods leaving the cluster for these private destinations has its source IP address translated to the node's IP address.
To ensure pods can reach VMs in the 192.168.0.0/24 subnet using the source IP of the GKE nodes, you want the default SNAT behavior to apply to this destination. The default SNAT rule applies when the destination is an RFC 1918 address and the source is a pod IP that is not within the same RFC 1918 range as the destination (e.g., if your pods are in a 10.x.x.x range and the destination is 192.168.x.x).
Therefore, you should:
Set a GKE pod IP address range that fits in 10.0.0.0/8: This ensures that the pod IPs are within an RFC 1918 range different from 192.168.0.0/24.
Do NOT configure the --disable-default-snat flag: If you disable default SNAT, pods use their own IP addresses as source IPs, which may not be routable to the 192.168.0.0/24 subnet unless specific routes are configured. The goal is to use the node's IP.
The combination of having pod IPs in a different RFC 1918 range and not disabling default SNAT ensures that GKE performs SNAT, making the node's IP the source for traffic destined for the 192.168.0.0/24 subnet.
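As an added illustration (not part of the original explanation and not GKE's own code), the Python below encodes the SNAT decision rule exactly as this page states it, plus a check that a candidate pod range satisfies the two conditions above. It uses only the standard ipaddress module; the cluster ranges, pod, node and VM addresses are constructed sample values. Because the rule described here covers only RFC 1918 destinations, the function deliberately refuses other destinations rather than guessing.

```python
import ipaddress

# The three RFC 1918 private ranges named on the page.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(ip):
    """Return the RFC 1918 block containing ip, or None if ip is not a private address."""
    addr = ipaddress.ip_address(ip)
    for net in RFC1918:
        if addr in net:
            return net
    return None


def egress_source_ip(pod_ip, node_ip, dst_ip, cluster_ranges, disable_default_snat=False):
    """Source address the destination sees, under the default-SNAT rule as this page states it.

    cluster_ranges: the cluster's own Pod and Service CIDRs; traffic to these is never SNATed.
    Returns the node IP when SNAT applies, otherwise the pod IP.
    """
    pod = ipaddress.ip_address(pod_ip)
    dst = ipaddress.ip_address(dst_ip)

    # --disable-default-snat: the pod's own address is always used as the source.
    if disable_default_snat:
        return str(pod)

    # Destinations inside the cluster's own ranges are never masqueraded.
    if any(dst in ipaddress.ip_network(c) for c in cluster_ranges):
        return str(pod)

    dst_block = rfc1918_block(dst)
    if dst_block is None:
        # The page's rule only describes RFC 1918 destinations; refuse to guess for others.
        raise ValueError("rule on this page covers only RFC 1918 destinations: %s" % dst)

    # Default SNAT applies when the pod sits in a different RFC 1918 block than the destination
    # (e.g. pod in 10.x.x.x, destination in 192.168.x.x); otherwise the pod IP is kept.
    if rfc1918_block(pod) != dst_block:
        return str(ipaddress.ip_address(node_ip))
    return str(pod)


def validate_pod_range(pod_cidr, vm_subnet="192.168.0.0/24"):
    """True if pod_cidr fits in 10.0.0.0/8 and does not overlap the VM subnet the pods must reach."""
    pods = ipaddress.ip_network(pod_cidr)
    vms = ipaddress.ip_network(vm_subnet)
    return pods.subnet_of(ipaddress.ip_network("10.0.0.0/8")) and not pods.overlaps(vms)


if __name__ == "__main__":
    # Constructed sample cluster: pods in 10.4.0.0/14, services in 10.8.0.0/20, a node at 10.128.0.5.
    cluster = ["10.4.0.0/14", "10.8.0.0/20"]
    print(validate_pod_range("10.4.0.0/14"))                                # True
    print(egress_source_ip("10.4.1.7", "10.128.0.5", "192.168.0.10", cluster))  # node IP
    print(egress_source_ip("10.4.1.7", "10.128.0.5", "192.168.0.10", cluster,
                           disable_default_snat=True))                     # pod IP
```

Run it as a script to see the VM-subnet case with and without the flag; the last two calls are the two configurations the explanation above contrasts.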
Exact Extract:
"By default, GKE performs SNAT (Source Network Address Translation) for egress traffic from pods to destinations outside the cluster's IP address ranges but within the private IP address ranges defined in RFC 1918 (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). When SNAT occurs, the source IP address of the egress packets is the node's IP address instead of the pod's IP address."
"The --disable-default-snat flag, when used, disables this default SNAT behavior. If you want traffic to use the node's IP as the source when reaching internal RFC 1918 destinations, do not set this flag."
Reference: Google Kubernetes Engine Documentation - IP masquerade agent, Private IP addresses for GKE Pods and Services