Architecting Hybrid Cloud Infrastructure with Anthos (T-AHYBRID-I)
Duration : 2 day
Who should attend
This class is primarily intended for the following participants:
- Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers, and SysOps/DevOps engineers.
- Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.
- Completed Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or have equivalent experience, and
- Completed Architecting with Google Kubernetes Engine (AGKE) or have equivalent experience
This course teaches participants the following skills:
- Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on.
- Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver.
- Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies.
- Connect and manage on-premises clusters, and workloads using GKE On-Prem.
- Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository.
Module 1: Anthos Overview
- Introduce the Anthos platform
- Understand Hybrid environments connected using Anthos
- Explain problems identified and addressed when using Anthos with modern solution patterns
- Describe the components of the Anthos technology stack
Module 2: Managing Hybrid Clusters using Kubernetes Engine
Objective: Connect and manage Anthos GKE clusters for both Anthos on Google Cloud and on-premises clusters
- Understand the Anthos Compute Layer
- Introduce the Anthos deployed on VMware cluster architecture
- Explain the Anthos deployed on VMware components
- Review initial networking considerations
- Lab: Managing Hybrid Clusters using Kubernetes Engine
Module 3: Introduction to Service Mesh
Objective: Understand and deploy the Istio service mesh architecture
- Understand monolith to microservices evolution/transition and the benefits of service mesh
- Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
- Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy
- Lab A: Installing Open Source Istio on Kubernetes Engine
- Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine
Module 4: Observing Services using Service Mesh Adapters
Objectives: Use Istio adapters for telemetry collection, metrics, dashboards, debugging, tracing, and visualization
- Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
- Observe telemetry with dashboards using Prometheus and Grafana
- Trace application timing through services with Jaeger
- Observe service topologies, relationships, and live traffic using Kiali
- Lab: Observing Services using Prometheus, Grafana, Jaeger, and Kiali
Module 5: Managing Traffic Routing with Service Mesh
Objectives: Configure the Istio abstract model to enable fine-grained traffic management to multiple services, with multiple subsets/versions
- Understand the Istio control-plane Pilot component
- Review traffic management use cases including ingress and service to service flows
- Configure and observe multiple methods of traffic management
- including version-specific routing, and shifting traffic gradually from one version of a microservice to another.
- Lab: Manage Traffic Routing with Istio and Envoy
Module 6: Securing your Services with Service Mesh
Objectives: Describe authentication, and authorization using Istio, and Citadel whether using one cluster or many
- Incrementally adopt Istio security across services using mTLS
- Configure inbound authentication from outside the service mesh
- Lab: Manage Policies and Security with Istio and Citadel
Module 7: Managing Policies using Anthos Config Management
Objectives: Configure Anthos Config Management with your Git repository to ensure consistent policy enforcement across your clusters
- Explain configuration challenges introduced when using multi-cluster topologies
- Install Anthos Config Management, and connect your Git repository
- Verify manual configuration changes (drift) are reversed, ensuring consistent policy
- Update configuration using the Git repository and verify changes are applied
- Lab: Managing Policies in Kubernetes Engine using Anthos Config Management
Module 8: Configuring Anthos GKE and Service Mesh for Multi-Cluster Operation
Objectives: Understand and configure multi-cluster architectures with Istio service mesh
- Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
- Understand and configure DNS when locating external services
- Understand and configure Citadel and certificates when enabling multi-cluster applications
- Lab: Configuring GKE for Multi-Cluster Operation with Istio
- Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation
About on-premises environments
Note: This course gives learners skills for architecting, managing, and observing multi-service applications that are deployed using multiple cluster environments. The labs for this course use a simulated on-premises environment in Google Cloud Platform. The course does not contain hands-on labs related to the configuration of Anthos deployed on VMware. Future learning offerings will teach skills related to deploying Anthos in specific infrastructure environments.