This two-day instructor-led course prepares students to modernize, manage, and observe their applications using Kubernetes whether the application is deployed on-premises or on Google Cloud Platform (GCP). Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This is a continuation of Architecting with GKE and assumes hands-on experience with the technologies covered in that course.
Who should attend
This class is primarily intended for the following participants:
- Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers, and SysOps/DevOps engineers.
- Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.
- Completed Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or have equivalent experience, and
- Completed Architecting with Google Kubernetes Engine (AGKE) or have equivalent experience
This course teaches participants the following skills:
- Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on.
- Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver.
- Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies.
- Connect and manage on-premises clusters, and workloads using GKE On-Prem.
- Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository.
Outline: Architecting Hybrid Cloud Infrastructure with Anthos (T-AHYBRID-I)
Module 1: Anthos Overview
- Introduce the Anthos platform
- Understand Hybrid environments connected using Anthos
- Explain problems identified and addressed when using Anthos with modern solution patterns
- Describe the components of the Anthos technology stack
Module 2: Managing Hybrid Clusters using Kubernetes Engine
Objective: Connect and manage Anthos GKE clusters for both Anthos on Google Cloud and on-premises clusters
- Understand the Anthos Compute Layer
- Introduce the Anthos deployed on VMware cluster architecture
- Explain the Anthos deployed on VMware components
- Review initial networking considerations
- Lab: Managing Hybrid Clusters using Kubernetes Engine
Module 3: Introduction to Service Mesh
Objective: Understand and deploy the Istio service mesh architecture
- Understand monolith to microservices evolution/transition and the benefits of service mesh
- Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
- Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy
- Lab A: Installing Open Source Istio on Kubernetes Engine
- Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine
Module 4: Observing Services using Service Mesh Adapters
Objectives: Use Istio adapters for telemetry collection, metrics, dashboards, debugging, tracing, and visualization
- Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
- Observe telemetry with dashboards using Prometheus and Grafana
- Trace application timing through services with Jaeger
- Observe service topologies, relationships, and live traffic using Kiali
- Lab: Observing Services using Prometheus, Grafana, Jaeger, and Kiali
Module 5: Managing Traffic Routing with Service Mesh
Objectives: Configure the Istio abstract model to enable fine-grained traffic management to multiple services, with multiple subsets/versions
- Understand the Istio control-plane Pilot component
- Review traffic management use cases including ingress and service to service flows
- Configure and observe multiple methods of traffic management
- including version-specific routing, and shifting traffic gradually from one version of a microservice to another.
- Lab: Manage Traffic Routing with Istio and Envoy
Module 6: Securing your Services with Service Mesh
Objectives: Describe authentication, and authorization using Istio, and Citadel whether using one cluster or many
- Incrementally adopt Istio security across services using mTLS
- Configure inbound authentication from outside the service mesh
- Lab: Manage Policies and Security with Istio and Citadel
Module 7: Managing Policies using Anthos Config Management
Objectives: Configure Anthos Config Management with your Git repository to ensure consistent policy enforcement across your clusters
- Explain configuration challenges introduced when using multi-cluster topologies
- Install Anthos Config Management, and connect your Git repository
- Verify manual configuration changes (drift) are reversed, ensuring consistent policy
- Update configuration using the Git repository and verify changes are applied
- Lab: Managing Policies in Kubernetes Engine using Anthos Config Management
Module 8: Configuring Anthos GKE and Service Mesh for Multi-Cluster Operation
Objectives: Understand and configure multi-cluster architectures with Istio service mesh
- Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
- Understand and configure DNS when locating external services
- Understand and configure Citadel and certificates when enabling multi-cluster applications
- Lab: Configuring GKE for Multi-Cluster Operation with Istio
- Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation
About on-premises environments
Note: This course gives learners skills for architecting, managing, and observing multi-service applications that are deployed using multiple cluster environments. The labs for this course use a simulated on-premises environment in Google Cloud Platform. The course does not contain hands-on labs related to the configuration of Anthos deployed on VMware. Future learning offerings will teach skills related to deploying Anthos in specific infrastructure environments.