Anthos and GKE

Modernize, manage, and observe their applications using Kubernetes and Anthos
Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE),
GKE Connect,Istio service mesh and Anthos Config Management capabilities that enable operators to work with
modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This
is a continuation of Architecting with GKE and assumes hands-on experience with the technologies covered in
that course.
More Information
Special Product No
Course feature 24x7 Support, Real-time code analysis and feedback, 100% Money Back Guarantee
Funding

This course is IMDA CITREP+ Funded for Delivery. Singaporeans can also use their SkillsFuture credit for this course.

Category Type Singapore Citizen Permanent Residents(* with effect from 1 August 2017)
Training Course and Certification Certification Only Training Course and Certification Certification Only
Organisation-Sponsored Non SMEs Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee
SMEs Up to 90% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 90% of the nett payable course and certification fees, capped at $3,000 per trainee
Professionals (40 years old and above) Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee
Self-Sponsored Professionals Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee
Professionals (40 years old and above) Up to 90% of the nett payable course and certification fees, capped at $3,000 per trainee
Students and/or Full Time National Service (NSF) Up to 100% of the nett payable course and certification fees, capped at $2,500 per trainee Up to 100% of the nett payable certification fees, capped at $500 per trainee Not eligible
1) Professionals category includes displaced workers.2) This has been harmonised with SkillsFuture initiatives.*  CITREP+ funding does not support GST, VAT, registration fees, membership fees, rebates, renewal of certification, incentives, discounts or any training grant offered by any course providers or any other organisation in relation to the endorsed courses/certifications.

** For more details on CITREP+ funding support for students/NSF, please refer to CITREP+ Claim Application Guide.

  • 24x7 Support

  • Real-time code analysis and feedback

  • 100% Money Back Guarantee

As an authorised Google Cloud Training Partner, Agilitics has been selected by Google to facilitate the delivery of this 5 days course.

Through a combination of presentations, demos, and hands-on labs, you’ll explore and deploy solution elements, including infrastructure components such as networks, systems, and application services.

This course also covers deploying practical solutions including security and access management, resource management, and resource monitoring.

This Architecting with Google Kubernetes Engine and Anthos course is available as a live Virtual Classroom and will run over 5 days. We also offer private training that can be delivered at our own training facilities in Saingapore or India or any location of your choice.

This course is suitable for Cloud architects, administrators, and those working in SysOps/DevOps. Individuals using Google Cloud Platform to create new solutions or to integrate existing systems, application environments, and infrastructure with the Google Cloud Platform will also benefit from this course.

  • Explain how software containers work and the architecture of Kubernetes
  • Understand how pod networking works in Kubernetes Engine
  • Create and manage Kubernetes Engine clusters using the GCP Console and gcloud/ kubectl commands
  • Launch, roll back and expose jobs in Kubernetes
  • Manage access control using Kubernetes RBAC and Google Cloud IAM
  • Manage pod security policies and network policies
  • Use Secrets and ConfigMaps to isolate security credentials and configuration artifacts
  • Understand GCP choices for managed storage services
  • Monitor applications running in Kubernetes Engine
  • Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on
  • Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver
  • Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies
  • Connect and manage on-premises clusters, and workloads using GKE On-Prem
  • Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository

This course is IMDA CITREP+ Funded for Delivery. Singaporeans can also use their SkillsFuture credit for this course.

Category Type Singapore Citizen Permanent Residents(* with effect from 1 August 2017)
Training Course and Certification Certification Only Training Course and Certification Certification Only
Organisation-Sponsored Non SMEs Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee
SMEs Up to 90% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 90% of the nett payable course and certification fees, capped at $3,000 per trainee
Professionals (40 years old and above) Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee
Self-Sponsored Professionals Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee Up to 70% of the nett payable course and certification fees, capped at $3,000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee
Professionals (40 years old and above) Up to 90% of the nett payable course and certification fees, capped at $3,000 per trainee
Students and/or Full Time National Service (NSF) Up to 100% of the nett payable course and certification fees, capped at $2,500 per trainee Up to 100% of the nett payable certification fees, capped at $500 per trainee Not eligible
1) Professionals category includes displaced workers.2) This has been harmonised with SkillsFuture initiatives.*  CITREP+ funding does not support GST, VAT, registration fees, membership fees, rebates, renewal of certification, incentives, discounts or any training grant offered by any course providers or any other organisation in relation to the endorsed courses/certifications.

** For more details on CITREP+ funding support for students/NSF, please refer to CITREP+ Claim Application Guide.

This class is primarily intended for the following participants:
● Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.
● Technical employees using GCP, including customer companies, partners and system integrators:
deployment engineers, cloud architects, cloud administrators, system engineers , and SysOps/DevOps engineers.

To get the most of out of this course, you should have:
  • Completed Google Cloud Platform Fundamentals: Core Infrastructure course or have equivalent experience
  • Basic proficiency with command-line tools and Linux operating system environments

Course Outline

Architecting with GKE
Module 1: Introduction to Google Cloud Platform
  • The Google Cloud Platform Console
  • Cloud Shell
  • Define cloud computing
  • Identify GCPs compute services
  • Regions and zones
  • The cloud resource hierarchy
  • Administer your GCP resources
Module 2: Containers and Kubernetes in GCP
  • Create a container using Cloud Build
  • Store a container in Container Registry
  • The relationship between Kubernetes and Google Kubernetes Engine (GKE)
  • How to choose among GCP compute platforms
Module 3: Kubernetes Architecture
  • The architecture of Kubernetes: pods, namespaces
  • The control-plane components of Kubernetes
  • Create container images using Google Cloud Build
  • Store container images in Google Container Registry
  • Create a Kubernetes Engine cluster
Module 4: Kubernetes Operations
  • Work with the kubectl command
  • Inspect the cluster and Pods
  • View a Pods console output
  • Sign in to a Pod interactively
Module 5: Deployments, Jobs, and Scaling
  • Create and use Deployments
  • Create and run Jobs and CronJobs
  • Scale clusters manually and automatically
  • Configure Node and Pod affinity
  • Get software into your cluster with Helm charts and Kubernetes Marketplace
Module 6: GKE Networking
  • Create Services to expose applications that are running within Pods
  • Use load balancers to expose Services to external clients
  • Create Ingress resources for HTTP(S) load balancing
  • Leverage container-native load balancing to improve Pod load balancing
  • Define Kubernetes network policies to allow and block traffic to pods
Module 7: Persistent Data and Storage
  • Use Secrets to isolate security credentials
  • Use ConfigMaps to isolate configuration artifacts
  • Push out and roll back updates to Secrets and ConfigMaps
  • Configure Persistent Storage Volumes for Kubernetes Pods
  • Use StatefulSets to ensure that claims on persistent storage volumes persist across restarts
Module 8: Access Control and Security in Kubernetes and Kubernetes Engine
  • Kubernetes authentication and authorisation
  • Kubernetes RBAC roles and role bindings for accessing resources in namespaces
  • Kubernetes RBAC cluster roles and cluster role bindings for accessing cluster-scoped resources
  • Define Kubernetes pod security policies
  • The structure of GCP IAM
  • IAM roles and policies for Kubernetes Engine cluster administration
Module 9: Logging and Monitoring
  • Use Stackdriver to monitor and manage availability and performance
  • Locate and inspect Kubernetes logs
  • Create probes for wellness checks on live applications
Module 10: Using GCP Managed Storage Services from Kubernetes Applications
  • Pros and cons for using a managed storage service versus self-managed containerised storage
  • Enable applications running in GKE to access GCP storage services
  • Use cases for Cloud Storage, Cloud SQL, Cloud Spanner, Cloud Bigtable, Cloud Firestore, and BigQuery from within a Kubernetes application

Anthos
Module 1: Anthos Overview
  • Understand Hybrid environments connected using Anthos
  • Explain problems identified and addressed when using Anthos with modern solution patterns
  • Describe the components of the Anthos technology stack
Module 2: Managing Hybrid Clusters using Kubernetes Engine
  • Understand the Anthos Compute Layer
  • Introduce the Anthos deployed on VMware cluster architecture
  • Explain the Anthos deployed on VMware components
  • Review initial networking considerations
  • Lab: Managing Hybrid Clusters using Kubernetes Engine
Module 3: Introduction to Service Mesh
  • Understand monolith to microservices evolution/transition and the benefits of service mesh
  • Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
  • Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy
  • Lab A: Installing Open Source Istio on Kubernetes Engine
  • Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine
Module 4: Observing Services using Service Mesh Adapters
  • Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
  • Observe telemetry with dashboards using Prometheus and Grafana
  • Trace application timing through services with Jaeger
  • Observe service topologies, relationships, and live traffic using Kiali
Module 5: Manage Traffic Routing with Service Mesh
  • Understand the Istio control-plane Pilot component
  • Review traffic management use cases including ingress and service to service flows
  • Configure and observe multiple methods of traffic management including version-specific routing, and shifting traffic gradually from one version of a microservice to another
  • Lab: Manage Traffic Routing with Istio and Envoy
Module 6: Manage Policies and Security with Service Mesh
  • Incrementally adopt Istio security across services using mTLS
  • Configure inbound authentication from outside the service mesh
  • Lab: Manage Policies and Security with Istio and Citadel
Module 7: Managing Policies using Anthos Config Management
  • Explain configuration challenges introduced when using multi-cluster topologies
  • Install Anthos Config Management, and connect your Git repository
  • Verify manual configuration changes (drift) are reversed, ensuring consistent policy
  • Update configuration using the Git repository and verify changes are applied
  • Lab: Managing Policies in Kubernetes Engine using Anthos Config Management
Module 8: Configuring Anthos GKE for Multi-Cluster Operation
  • Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
  • Understand and configure DNS when locating external services
  • Understand and configure Citadel and certificates when enabling multi-cluster applications
  • Lab: Configuring GKE for Multi-Cluster Operation with Istio
  • Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation