Google Kubernetes Engine (GKE) Cluster Deployment Strategy for Third-Party Services

Create a Google Kubernetes Engine (GKE) Cluster without Public IP Addresses

Question

Your team needs to create a Google Kubernetes Engine (GKE) cluster to host a newly built application that requires access to third-party services on the internet.

Your company does not allow any Compute Engine instance to have a public IP address on Google Cloud.

You need to create a deployment strategy that adheres to these guidelines.

What should you do?

Answers

Explanations


B.

https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod

To host a newly built application that requires access to third-party services on the internet, while adhering to the guideline that no Compute Engine instance can have a public IP address on Google Cloud, the GKE cluster needs a deployment strategy that allows access to external services without exposing the cluster to the public internet.

Option A: Configure the GKE cluster as a private cluster, and configure Cloud NAT Gateway for the cluster subnet. In this option, we can create a private cluster in GKE which would not expose the cluster to the public internet. To enable communication with external services, we can configure a Cloud NAT Gateway for the cluster subnet, which would allow outbound traffic from the cluster to the internet through a private IP address. This option is a viable choice, and it is recommended for applications that require high availability and reliability.

Option B: Configure the GKE cluster as a private cluster. Configure Private Google Access on the Virtual Private Cloud (VPC). In this option, we can create a private cluster in GKE, which would not expose the cluster to the public internet. We can then configure Private Google Access on the Virtual Private Cloud (VPC) to enable communication between the GKE cluster and external services. Private Google Access allows GKE cluster nodes to access Google APIs and services over a private IP address, which eliminates the need for public IP addresses. This option is suitable for applications that need to access external services through Google APIs.

Option C: Configure the GKE cluster as a route-based cluster. Configure Private Google Access on the Virtual Private Cloud (VPC). In this option, we can create a route-based GKE cluster, which would not expose the cluster to the public internet. We can then configure Private Google Access on the Virtual Private Cloud (VPC) to enable communication between the GKE cluster and external services. Private Google Access allows GKE cluster nodes to access Google APIs and services over a private IP address, which eliminates the need for public IP addresses. This option is suitable for applications that require advanced networking configurations.

Option D: Create a Compute Engine instance, and install a NAT Proxy on the instance. Configure all workloads on GKE to pass through this proxy to access third-party services on the Internet. In this option, we can create a Compute Engine instance and install a NAT Proxy on the instance. We can then configure all workloads on GKE to pass through this proxy to access third-party services on the internet. This option requires additional configuration and management overhead, and it is not recommended for applications that require high availability and reliability.

Therefore, the best option for creating a GKE cluster that hosts a newly built application requiring access to third-party services on the internet, while adhering to the guideline that no Compute Engine instance can have a public IP address on Google Cloud, is Option A: configure the GKE cluster as a private cluster, and configure Cloud NAT Gateway for the cluster subnet.
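The private-cluster design described in Options A and B, as an added Terraform example that is not from the original page: nodes receive only internal IPs, the subnet has Private Google Access for reaching Google APIs, and a Cloud NAT gateway gives outbound-only access to third-party services. Resource names, the region and the CIDR ranges are assumed placeholders.

```hcl
# Added example (not from the page); region and CIDRs are placeholders.
resource "google_compute_network" "vpc" {
  name                    = "gke-private-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "nodes" {
  name          = "gke-nodes"
  region        = "us-central1"
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.10.0.0/20"
  # Private Google Access: node VMs reach Google APIs over internal routes.
  private_ip_google_access = true
}

resource "google_container_cluster" "private" {
  name               = "app-private"
  location           = "us-central1"
  network            = google_compute_network.vpc.id
  subnetwork         = google_compute_subnetwork.nodes.id
  initial_node_count = 2
  # Private clusters must be VPC-native (alias IP ranges for pods/services).
  networking_mode = "VPC_NATIVE"
  ip_allocation_policy {}
  private_cluster_config {
    enable_private_nodes    = true  # nodes get internal IPs only
    enable_private_endpoint = false # control plane keeps a public endpoint
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
}

# Cloud NAT: outbound-only path to third-party services; nothing on the
# internet can initiate a connection to a node or pod.
resource "google_compute_router" "nat_router" {
  name    = "gke-nat-router"
  region  = google_compute_subnetwork.nodes.region
  network = google_compute_network.vpc.id
}

resource "google_compute_router_nat" "nat" {
  name                               = "gke-nat"
  router                             = google_compute_router.nat_router.name
  region                             = google_compute_router.nat_router.region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
  log_config {
    enable = true  # NAT logs give an audit trail of egress connections
    filter = "ALL"
  }
}
```

After `terraform apply`, verifying that no node VM has an `accessConfigs` entry (for example with `gcloud compute instances list`) confirms the no-public-IP requirement holds, while pods can still reach the internet through the NAT gateway.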