Skip to Scheduled Dates
Course Overview
This two-day instructor-led course prepares students to modernize, manage, and observe their applications using Kubernetes whether the application is deployed on-premises or on Google Cloud Platform (GCP). Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This is a continuation of Architecting with GKE and assumes hands-on experience with the technologies covered in that course.
Who Should Attend
Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers, and SysOps/DevOps engineers.
Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.
Course Objectives
- Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on.
- Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver.
- Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies.
- Connect and manage on-premises clusters, and workloads using GKE On-Prem.
- Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository.
Course Outline
1 - Anthos Overview
- Understand Hybrid environments connected using Anthos
- Explain problems identified and addressed when using Anthos with modern solution patterns
- Describe the components of the Anthos technology stack
2 - Managing Hybrid Clusters using Kubernetes Engine
- Understand the Anthos Compute Layer
- Introduce the Anthos deployed on VMware cluster architecture
- Explain the Anthos deployed on VMware components
- Review initial networking considerations
3 - Introduction to Service Mesh
- Understand monolith to microservices evolution/transition and the benefits of service mesh
- Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
- Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy
4 - Observing Services using Service Mesh Adapters
- Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
- Observe telemetry with dashboards using Prometheus and Grafana
- Trace application timing through services with Jaeger
- Observe service topologies, relationships, and live traffic using Kiali
5 - Managing Traffic Routing with Service Mesh
- Understand the Istio control-plane Pilot component
- Review traffic management use cases including ingress and service to service flows
- Configure and observe multiple methods of traffic management
- including version-specific routing, and shifting traffic gradually from one version of a microservice to another.
6 - Securing your Services with Service Mesh
- Incrementally adopt Istio security across services using mTLS
- Configure inbound authentication from outside the service mesh
7 - Managing Policies using Anthos Config Management
- Explain configuration challenges introduced when using multi-cluster topologies
- Install Anthos Config Management, and connect your Git repository
- Verify manual configuration changes (drift) are reversed, ensuring consistent policy
- Update configuration using the Git repository and verify changes are applied
8 - Configuring Anthos GKE and Service Mesh for Multi-Cluster Operation
- Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
- Understand and configure DNS when locating external services
- Understand and configure Citadel and certificates when enabling multi-cluster applications