Anthos and GKE

Modernize, manage, and observe their applications using Kubernetes and Anthos

Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), Connect ,Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This is a continuation of Architecting with GKE and assumes hands-on experience with the technologies covered in that course.
More Information
Special Product No
Course feature 24x7 Support, Real-time code analysis and feedback, 100% Money Back Guarantee
  • 24x7 Support

  • Real-time code analysis and feedback

  • 100% Money Back Guarantee

Agilitics has been selected by Google to facilitate the delivery of Anthos course.

Our trainers work with the GCP on a daily basis and as a Google Cloud Partner you can benefit from the years of industry experience they’ll share with you.

Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE Connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This is a continuation of Architecting with Google Kubernetes Engine and assumes hands-on experience with the technologies covered in that course.

This course is suitable for Cloud architects, administrators, and those working in SysOps/DevOps. Individuals using Google Cloud Platform to create new solutions or to integrate existing systems, application environments, and infrastructure with the Google Cloud Platform will also benefit from this course.

Walk away with the ability to:
  • Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on

  • Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver

  • Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies

  • Connect and manage on-premises clusters, and workloads using GKE On-Prem

  • Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository

The Objectives are: 

  • Explain how software containers work and the architecture of Kubernetes

  • Understand how pod networking works in Kubernetes Engine

  • Create and manage Kubernetes Engine clusters using the GCP Console and gcloud/ kubectl commands

  • Launch, roll back and expose jobs in Kubernetes

  • Manage access control using Kubernetes RBAC and Google Cloud IAM

  • Manage pod security policies and network policies

  • Use Secrets and ConfigMaps to isolate security credentials and configuration artifacts

  • Understand GCP choices for managed storage services

  • Monitor applications running in Kubernetes Engine

  • Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on

  • Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver

  • Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies

  • Connect and manage on-premises clusters, and workloads using GKE On-Prem

  • Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository

This course is intended for the following participants:

  • Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers, and SysOps/DevOps engineers.

  • Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.

To get the most of out of this course, you should have:

  • Completed Google Cloud Platform Fundamentals: Core Infrastructure or have equivalent experience

  • Completed Architecting with Google Kubernetes Engine or have equivalent experience

Course Outline

Architecting with GKE
Module 1: Introduction to Google Cloud Platform
  • The Google Cloud Platform Console
  • Cloud Shell
  • Define cloud computing
  • Identify GCPs compute services
  • Regions and zones
  • The cloud resource hierarchy
  • Administer your GCP resources
Module 2: Containers and Kubernetes in GCP
  • Create a container using Cloud Build
  • Store a container in Container Registry
  • The relationship between Kubernetes and Google Kubernetes Engine (GKE)
  • How to choose among GCP compute platforms
Module 3: Kubernetes Architecture
  • The architecture of Kubernetes: pods, namespaces
  • The control-plane components of Kubernetes
  • Create container images using Google Cloud Build
  • Store container images in Google Container Registry
  • Create a Kubernetes Engine cluster
Module 4: Kubernetes Operations
  • Work with the kubectl command
  • Inspect the cluster and Pods
  • View a Pods console output
  • Sign in to a Pod interactively
Module 5: Deployments, Jobs, and Scaling
  • Create and use Deployments
  • Create and run Jobs and CronJobs
  • Scale clusters manually and automatically
  • Configure Node and Pod affinity
  • Get software into your cluster with Helm charts and Kubernetes Marketplace
Module 6: GKE Networking
  • Create Services to expose applications that are running within Pods
  • Use load balancers to expose Services to external clients
  • Create Ingress resources for HTTP(S) load balancing
  • Leverage container-native load balancing to improve Pod load balancing
  • Define Kubernetes network policies to allow and block traffic to pods
Module 7: Persistent Data and Storage
  • Use Secrets to isolate security credentials
  • Use ConfigMaps to isolate configuration artifacts
  • Push out and roll back updates to Secrets and ConfigMaps
  • Configure Persistent Storage Volumes for Kubernetes Pods
  • Use StatefulSets to ensure that claims on persistent storage volumes persist across restarts
Module 8: Access Control and Security in Kubernetes and Kubernetes Engine
  • Kubernetes authentication and authorisation
  • Kubernetes RBAC roles and role bindings for accessing resources in namespaces
  • Kubernetes RBAC cluster roles and cluster role bindings for accessing cluster-scoped resources
  • Define Kubernetes pod security policies
  • The structure of GCP IAM
  • IAM roles and policies for Kubernetes Engine cluster administration
Module 9: Logging and Monitoring
  • Use Stackdriver to monitor and manage availability and performance
  • Locate and inspect Kubernetes logs
  • Create probes for wellness checks on live applications
Module 10: Using GCP Managed Storage Services from Kubernetes Applications
  • Pros and cons for using a managed storage service versus self-managed containerised storage
  • Enable applications running in GKE to access GCP storage services
  • Use cases for Cloud Storage, Cloud SQL, Cloud Spanner, Cloud Bigtable, Cloud Firestore, and BigQuery from within a Kubernetes application

Anthos
Module 1: Anthos Overview
  • Understand Hybrid environments connected using Anthos
  • Explain problems identified and addressed when using Anthos with modern solution patterns
  • Describe the components of the Anthos technology stack
Module 2: Managing Hybrid Clusters using Kubernetes Engine
  • Understand the Anthos Compute Layer
  • Introduce the Anthos deployed on VMware cluster architecture
  • Explain the Anthos deployed on VMware components
  • Review initial networking considerations
  • Lab: Managing Hybrid Clusters using Kubernetes Engine
Module 3: Introduction to Service Mesh
  • Understand monolith to microservices evolution/transition and the benefits of service mesh
  • Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
  • Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy
  • Lab A: Installing Open Source Istio on Kubernetes Engine
  • Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine
Module 4: Observing Services using Service Mesh Adapters
  • Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
  • Observe telemetry with dashboards using Prometheus and Grafana
  • Trace application timing through services with Jaeger
  • Observe service topologies, relationships, and live traffic using Kiali
Module 5: Manage Traffic Routing with Service Mesh
  • Understand the Istio control-plane Pilot component
  • Review traffic management use cases including ingress and service to service flows
  • Configure and observe multiple methods of traffic management including version-specific routing, and shifting traffic gradually from one version of a microservice to another
  • Lab: Manage Traffic Routing with Istio and Envoy
Module 6: Manage Policies and Security with Service Mesh
  • Incrementally adopt Istio security across services using mTLS
  • Configure inbound authentication from outside the service mesh
  • Lab: Manage Policies and Security with Istio and Citadel
Module 7: Managing Policies using Anthos Config Management
  • Explain configuration challenges introduced when using multi-cluster topologies
  • Install Anthos Config Management, and connect your Git repository
  • Verify manual configuration changes (drift) are reversed, ensuring consistent policy
  • Update configuration using the Git repository and verify changes are applied
  • Lab: Managing Policies in Kubernetes Engine using Anthos Config Management
Module 8: Configuring Anthos GKE for Multi-Cluster Operation
  • Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
  • Understand and configure DNS when locating external services
  • Understand and configure Citadel and certificates when enabling multi-cluster applications
  • Lab: Configuring GKE for Multi-Cluster Operation with Istio
  • Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation