Google Cloud Gaming | Multiplayer Game Development with Google Kubernetes Engine | Mountkirk Games

Build a Global Leaderboard for Multiplayer FPS Game | Mountkirk Games

Question

Mountkirk Games makes online, session-based, multiplayer games for mobile platforms.

They have recently started expanding to other platforms after successfully migrating their on-premises environments to Google Cloud.

Their most recent endeavor is to create a retro-style first-person shooter (FPS) game that allows hundreds of simultaneous players to join a geo-specific digital arena from multiple platforms and locations.

A real-time digital banner will display a global leaderboard of all the top players across every active arena.

Solution concept - Mountkirk Games is building a new multiplayer game that they expect to be very popular.

They plan to deploy the game's backend on Google Kubernetes Engine so they can scale rapidly and use Google's global load balancer to route players to the closest regional game arenas.

In order to keep the global leaderboard in sync, they plan to use a multi-region Spanner cluster.

Existing technical environment - The existing environment was recently migrated to Google Cloud, and five games came across using lift-and-shift virtual machine migrations, with a few minor exceptions.

Each new game exists in an isolated Google Cloud project nested below a folder that maintains most of the permissions and network policies.

Legacy games with low traffic have been consolidated into a single project.

There are also separate environments for development and testing.

Business requirements -
- Support multiple gaming platforms.
- Support multiple regions.
- Support rapid iteration of game features.
- Minimize latency.
- Optimize for dynamic scaling.
- Use managed services and pooled resources.
- Minimize costs.

Technical requirements -
- Dynamically scale based on game activity.
- Publish scoring data on a near real-time global leaderboard.
- Store game activity logs in structured files for future analysis.
- Use GPU processing to render graphics server-side for multi-platform support.
- Support eventual migration of legacy games to this new platform.

Executive statement - Our last game was the first time we used Google Cloud, and it was a tremendous success.

We were able to analyze player behavior and game telemetry in ways that we never could before.

This success allowed us to bet on a full migration to the cloud and to start building all-new games using cloud-native design principles.

Google-recommended practices.

What should you do?

Answers

Explanations


The question is asking for a recommendation on how to manage secrets in a Google Kubernetes Engine (GKE) cluster for a new multiplayer game that will be deployed on Google Cloud Platform (GCP) by Mountkirk Games.

Secrets are sensitive information such as passwords, API keys, and certificates that should be kept confidential and secure. Kubernetes Secrets is a native Kubernetes object that allows for secure storage and distribution of secrets to containers running in a cluster.

Option A: Configure Workload Identity and service accounts to be used by the application platform.

Workload Identity is a feature that allows a Kubernetes service account to be used as a Google Cloud IAM identity. This option suggests using service accounts with Workload Identity to access secrets stored in Google Cloud Storage (GCS) or Cloud Key Management Service (KMS). This option may not provide a secure solution as it requires granting the Kubernetes service account access to the entire GCS bucket or KMS key, which could lead to data breaches if the service account is compromised.

Option B: Use Kubernetes Secrets, which are obfuscated by default. Configure these Secrets to be used by the application platform.

This option suggests using Kubernetes Secrets to store and manage secrets, and configuring the Secrets to be used by the application platform. Kubernetes Secrets are stored as obfuscated data in etcd, a distributed key-value store used by Kubernetes. This option provides a secure solution for managing secrets as they are stored encrypted and can only be accessed by authorized containers in the cluster.

Option C: Configure Kubernetes Secrets to store the secret, enable Application-Layer Secrets Encryption, and use Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used by the application platform.

This option suggests using Kubernetes Secrets to store secrets and enabling Application-Layer Secrets Encryption (ALSE) to encrypt the Secrets at rest. It also suggests using Cloud KMS to manage the encryption keys. ALSE is a Kubernetes feature that allows encryption of Secrets data with a customer-managed key stored in Cloud KMS. This option provides a secure solution for managing secrets as they are stored encrypted, and the encryption keys are managed by Cloud KMS, which is a managed service provided by GCP.

Option D: Configure HashiCorp Vault on Compute Engine, and use customer-managed encryption keys and Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used by the application platform.

This option suggests using HashiCorp Vault, a third-party secrets management tool, to store and manage secrets, and using customer-managed encryption keys stored in Cloud KMS to encrypt the Secrets at rest. This option provides a secure solution for managing secrets as HashiCorp Vault is a well-known and tested secrets management tool, and the encryption keys are managed by Cloud KMS.

Based on the business and technical requirements, the most appropriate option is B. Using Kubernetes Secrets provides a secure and cost-effective solution for managing secrets in a GKE cluster. Option C is also a viable alternative, but it may add complexity and cost to the solution. Options A and D may not provide a secure solution or may add unnecessary complexity and cost to the solution.
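As an added example (not part of the original page or of the answer above), the following Python script performs two checks a practitioner would run when weighing Options B and C: it decodes the values of a Kubernetes Secret manifest to show exactly what the default base64 encoding of Secret data protects, and it inspects the `databaseEncryption` field of a GKE cluster description (as returned by `gcloud container clusters describe CLUSTER --format json`) to report whether application-layer Secrets encryption with a Cloud KMS key is enabled. The Secret manifest and the two cluster descriptions are constructed samples, and the project, cluster, key ring and key names in them are placeholders.

```python
import base64
import json

# Constructed sample: a Kubernetes Secret manifest in the shape
# `kubectl get secret game-db -o json` emits. Values under `data` are base64.
SAMPLE_SECRET_MANIFEST = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "game-db", "namespace": "arena"},
    "type": "Opaque",
    "data": {
        "username": base64.b64encode(b"leaderboard").decode(),
        "password": base64.b64encode(b"example-not-a-real-secret").decode(),
    },
})

# Constructed samples of a GKE cluster description, trimmed to the field that
# reports application-layer Secrets encryption. Names are placeholders.
SAMPLE_CLUSTER_ENCRYPTED = json.dumps({
    "name": "fps-arena-us",
    "databaseEncryption": {
        "state": "ENCRYPTED",
        "keyName": "projects/example-project/locations/us-central1/"
                   "keyRings/gke-secrets/cryptoKeys/etcd-key",
    },
})
SAMPLE_CLUSTER_PLAINTEXT = json.dumps({
    "name": "legacy-cluster",
    "databaseEncryption": {"state": "DECRYPTED"},
})


def decode_secret(manifest_json: str) -> dict:
    """Reverse the base64 encoding of every value in a Secret's `data` field.

    Anyone who can read the object (via kubectl, an etcd backup, or the
    control-plane disk) can do the same, so the encoding is an encoding,
    not a confidentiality control; that is what Option C's encryption adds.
    """
    manifest = json.loads(manifest_json)
    return {key: base64.b64decode(value).decode()
            for key, value in manifest.get("data", {}).items()}


def etcd_encryption_status(cluster_json: str) -> dict:
    """Report whether a cluster encrypts Secrets at the application layer
    with a Cloud KMS key (the configuration described under Option C)."""
    cluster = json.loads(cluster_json)
    enc = cluster.get("databaseEncryption", {})
    encrypted = enc.get("state") == "ENCRYPTED"
    return {
        "cluster": cluster.get("name"),
        "application_layer_encryption": encrypted,
        "kms_key": enc.get("keyName") if encrypted else None,
    }


def audit(cluster_descriptions: list) -> list:
    """Return the names of clusters whose etcd Secrets are not KMS-encrypted,
    i.e. clusters still relying on base64 encoding alone."""
    findings = []
    for description in cluster_descriptions:
        status = etcd_encryption_status(description)
        if not status["application_layer_encryption"]:
            findings.append(status["cluster"])
    return findings


if __name__ == "__main__":
    # Decoding the manifest recovers the plaintext values directly.
    print(decode_secret(SAMPLE_SECRET_MANIFEST))
    for description in (SAMPLE_CLUSTER_ENCRYPTED, SAMPLE_CLUSTER_PLAINTEXT):
        print(etcd_encryption_status(description))
    print("clusters without application-layer encryption:",
          audit([SAMPLE_CLUSTER_ENCRYPTED, SAMPLE_CLUSTER_PLAINTEXT]))
```

To run the audit against real clusters, feed `audit()` the JSON from `gcloud container clusters describe` for each cluster; a cluster whose `databaseEncryption.state` is anything other than `ENCRYPTED` stores Secret data in etcd with only the base64 encoding that `decode_secret()` reverses.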