Microsoft AZ-104 Exam - Topic 11 Question 29 Discussion

Actual exam question for Microsoft's AZ-104 exam

Question #: 29
Topic #: 11

[All AZ-104 Questions]

You have a service deployed to a Kubernetes cluster.

Another application needs to access the service via the private IP address of the pod.

Which of the following would you define as the networking type for the cluster to meet this requirement?

AKubenet

BAzure container networking plugin

CService Endpoints

DNetwork security groups
Azure container networking plugin : Correct Choice
With the Azure container networking plugin , every pod gets an IP address allocated.
With Azure CNI, every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be unique across your network space, and must be planned in advance. Each node has a configuration parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, as can otherwise lead to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow.
Nodes use the Azure Container Networking Interface (CNI) Kubernetes plugin.
Kubenet : Incorrect Choice
Thekubenetnetworking option is the default configuration for AKS cluster creation. Withkubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space to the Azure virtual network subnet of the nodes.
Service Endpoints: Incorrect Choice
Capabilities like service endpoints or UDRs are supported with both kubenet and Azure CNI, the support policies for AKS define what changes you can make. For example:
* If you manually create the virtual network resources for an AKS cluster, you're supported when configuring your own UDRs or service endpoints.
* If the Azure platform automatically creates the virtual network resources for your AKS cluster, it isn't supported to manually change those AKS-managed resources to configure your own UDRs or service endpoints.
Network security groups: Incorrect Choice
A network security group filters traffic for VMs, such as the AKS nodes. As you create Services, such as a LoadBalancer, the Azure platform automatically configures any network security group rules that are needed.

Show Suggested Answer

Suggested Answer: B

https://docs.microsoft.com/en-us/azure/aks/concepts-network

by Josphine at May 07, 2022, 03:36 AM

Limited Time Offer

25%

7 months ago

I'm confused; was there a mention of internal storage in our notes? It might not be A or B, not sure about C either.

upvoted 0 times

...