Architecting Hybrid Cloud Infrastructure with Anthos

Module 1: Anthos Overview

Objective:

• Introduce the Anthos platform

Topics Covered

• Understand Hybrid environments connected using Anthos
• Explain problems identified and addressed when using Anthos with modern solution patterns
• Describe the components of the Anthos technology stack

Module 2: Managing Hybrid Clusters using Kubernetes Engine

Objective: Connect and manage Anthos GKE clusters for both Anthos on Google Cloud and on-premises clusters

Topics Covered

• Understand the Anthos Compute Layer
• Introduce the Anthos deployed on VMware cluster architecture
• Explain the Anthos deployed on VMware components
• Review initial networking considerations

• Lab: Managing Hybrid Clusters using Kubernetes Engine

Module 3: Introduction to Service Mesh

Objective: Understand and deploy the Istio service mesh architecture

Topics Covered

• Understand monolith to microservices evolution/transition and the benefits of service mesh
• Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
• Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy

• Lab A: Installing Open Source Istio on Kubernetes Engine
• Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine

Module 4: Observing Services using Service Mesh Adapters

Objectives: Use Istio adapters for telemetry collection, metrics, dashboards, debugging, tracing, and visualization

Topics Covered

• Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
• Observe telemetry with dashboards using Prometheus and Grafana
• Trace application timing through services with Jaeger
• Observe service topologies, relationships, and live traffic using Kiali

• Lab: Observing Services using Prometheus, Grafana, Jaeger, and Kiali

Module 5: Managing Traffic Routing with Service Mesh

Objectives: Configure the Istio abstract model to enable fine-grained traffic management to multiple services, with multiple subsets/versions

Topics Covered

• Understand the Istio control-plane Pilot component
• Review traffic management use cases including ingress and service to service flows
• Configure and observe multiple methods of traffic management
• including version-specific routing, and shifting traffic gradually from one version of a microservice to another.

• Lab: Manage Traffic Routing with Istio and Envoy

Module 6: Securing your Services with Service Mesh

Objectives: Describe authentication, and authorization using Istio, and Citadel whether using one cluster or many

Topics Covered

• Incrementally adopt Istio security across services using mTLS
• Configure inbound authentication from outside the service mesh

• Lab: Manage Policies and Security with Istio and Citadel

Module 7: Managing Policies using Anthos Config Management

Objectives: Configure Anthos Config Management with your Git repository to ensure consistent policy enforcement across your clusters

Topics Covered

• Explain configuration challenges introduced when using multi-cluster topologies
• Install Anthos Config Management, and connect your Git repository
• Verify manual configuration changes (drift) are reversed, ensuring consistent policy
• Update configuration using the Git repository and verify changes are applied

• Lab: Managing Policies in Kubernetes Engine using Anthos Config Management

Module 8: Configuring Anthos GKE and Service Mesh for Multi-Cluster Operation

Objectives: Understand and configure multi-cluster architectures with Istio service mesh

Topics Covered

• Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
• Understand and configure DNS when locating external services
• Understand and configure Citadel and certificates when enabling multi-cluster applications

• Lab: Configuring GKE for Multi-Cluster Operation with Istio
• Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation

About on-premises environments

Note: This course gives learners skills for architecting, managing, and observing multi-service applications that are deployed using multiple cluster environments. The labs for this course use a simulated on-premises environment in Google Cloud Platform. The course does not contain hands-on labs related to the configuration of Anthos deployed on VMware. Future learning offerings will teach skills related to deploying Anthos in specific infrastructure environments.

• Completed or have equivalent experience, and
• Completed or have equivalent experience

This course teaches participants the following skills:

• Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on.
• Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver.
• Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies.
• Connect and manage on-premises clusters, and workloads using GKE On-Prem.
• Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository.

This two-day instructor-led course prepares students to modernize, manage, and observe their applications using Kubernetes whether the application is deployed on-premises or on Google Cloud Platform (GCP). Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This is a continuation of Architecting with GKE and assumes hands-on experience with the technologies covered in that course.

• Completed or have equivalent experience, and
• Completed or have equivalent experience