Professional-Cloud-DevOps-Engineer Exam Dumps : Google Cloud Certified - Professional Cloud DevOps Engineer Exam

To exclude a subset of users or projects from Data Access audit logging, you use the exempted principals configuration. This allows you to selectively disable logs for specific groups, such as developers in the CustomerService folder.

"You can configure exempted principals so that audit logs are not generated for certain users, service accounts, or groups."

— Configuring Audit Logs

"Data Access logs are disabled by default because of their high volume, and you can enable them at the organization, folder, or project level."

— Audit Logs Overview

Thus, enabling audit logging org-wide and exempting a specific set of users (i.e., CustomerService folder) meets the need.

OOMKilled means the containers exceeded their allocated memory. Since the HPA isn't scaling up (stuck at min), this indicates the issue is not scale-related but container memory limits are too low.

"Pods terminated with OOMKilled have exceeded their memory limits. You should adjust the container's resource requests and limits."

— Kubernetes OOMKill Debug Guide

Scaling the number of replicas won't help if each replica crashes. You need to increase memory limits so pods can run reliably before autoscaling can even work.

The best option for ensuring continued operations until the microservice is fixed is to add a HTTP liveness probe to the microservice’s deployment. A HTTP liveness probe is a type of probe that checks if a Pod is alive by sending an HTTP request and expecting a success response code. If the probe fails, Kubernetes will restart the Pod. You can add a HTTP liveness probe to your microservice’s deployment by using a livenessProbe field in your Pod spec. This way, you can ensure that any Pod that returns 403 errors after running for more than five hours will be restarted automatically and resume normal operations.