This two-day instructor-led course prepares students to modernize, manage, and observe their applications using Kubernetes whether the application is deployed on-premises or on Google Cloud Platform (GCP). Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE Connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises.
- Connect and manage Anthos GKE clusters from GCP Console whether clusters are part of Anthos on Google Cloud or Anthos deployed on VMware.
- Understand how service mesh proxies are installed, configured and managed.
- Configure centralized logging, monitoring, tracing, and service visualizations wherever the Anthos GKE clusters are hosted.
- Understand and configure fine-grained traffic management.
- Use service mesh security features for service-service authentication, user authentication, and policy-based service authorization.
- Install a multi-service application spanning multiple clusters in a hybrid environment.
- Understand how services communicate across clusters.
- Migrate services between clusters.
- Install Anthos Config Management, use it to enforce policies, and explain how it can be used across multiple clusters.
Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers , and SysOps/DevOps engineers. Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.
completed the Architecting with Google Kubernetes Engine course and its prerequisites, or have equivalent experience.
The course includes presentations and hands-on labs.
Module 1: Anthos Overview
Describe challenges of hybrid cloud
Discuss modern solutions
Describe the Anthos Technology Stack
Module 2: Managing Hybrid Clusters using Kubernetes Engine
Understand Anthos GKE hybrid environments, with Admin and User clusters
Register and authenticate remote Anthos GKE clusters in GKE Hub
View and manage registered clusters, in cloud and on-premises, using GKE Hub
View workloads in all clusters from GKE Hub
Lab: Managing Hybrid Clusters using Kubernetes Engine
Module 3: Introduction to Service Mesh
Understand service mesh, and problems it solves
Understand Istio architecture and components
Explain Istio on GKE add on and it’s lifecycle, vs OSS Istio
Understand request network traffic flow in a service mesh
Create a GKE cluster, with a service mesh
Configure a multi-service application with service mesh
Enable external access using an ingress gateway
Explain the multi-service example applications: Hipster Shop, and Bookinfo
Lab: Installing Open Source Istio on Kubernetes Engine
Lab: Installing the Istio on GKE Add-On with Kubernetes Engine
Module 4: Observing Services using Service Mesh Adapters
Understand service mesh flexible adapter model
Understand service mesh telemetry processing
Explain Stackdriver configurations for logging and monitoring
Compare telemetry defaults for cloud and on-premises environments
Configure and view custom metrics using service mesh
View cluster and service metrics with pre-configured dashboards
Trace microservice calls with timing data using service mesh adapters
Visualize and discover service attributes with service mesh
Lab: Telemetry and Observability with Istio
Module 5: Managing Traffic Routing with Service Mesh
Understand the service mesh abstract model for traffic management
Understand service mesh service discovery and load balancing
Review and compare traffic management use cases and configurations
Understand ingress configuration using service mesh
Visualize traffic routing with live generated requests
Configure a service mesh gateway to allow access to services from outside the mesh
Apply virtual services and destination rules for version-specific routing
Route traffic based on application-layer configuration
Shift traffic from one service version to another, with fine-grained control, like a canary deployment
Lab: Managing Traffic Routing with Istio and Envoy
Module 6: Managing Policies and Security with Service Mesh
Understand authentication and authorization in service mesh
Explain mTLS flow for service to service communication
Adopt mutual TLS authentication across the service mesh incrementally
Enable end-user authentication for the frontend service
Use service mesh access control policies to secure access to the frontend service
Lab: Managing Policies and Security with Service Mesh
Module 7: Managing Policies using Anthos Config Management
Understand the challenge of managing resources across multiple clusters
Understand how a Git repository is as a configuration source of truth
Explain the Anthos Config Management components, and object lifecycle
Install and configure Anthos Config Management, operators, tools, and related Git repository
Verify cluster configuration compliance and drift management
Update workload configuration using repo changes
Lab: Managing Policies in Kubernetes Engine using Anthos Config
Module 8: Configuring Anthos GKE for Multi-Cluster Operation
Understand how multiple clusters work together using DNS, root CA, and service discovery
Explain service mesh control-plane architectures for multi-cluster
Configure a multi-service application using service mesh across multiple clusters with multiple control-planes
Configure a multi-service application using service mesh across multiple clusters with a shared control-plane
Configure service naming/discovery between clusters
Review ServiceEntries for cross-cluster service discovery
Migrate workload from a remote cluster to an Anthos GKE cluster
Lab: Configuring GKE for Multi-Cluster Operation with Istio
Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation
Ce cours vous intéresse ?
for your organization