Manage Scalable Workloads in GKE Enterprise (MSWGKE) – Outline

Detailed Course Outline

Module 1 - Introduction to GKE Enterprise

Topics:

  • Multi-cloud and multi-cluster overview
  • GKE Enterprise introduction
  • Sameness and trust
  • GKE Enterprise features

Objectives:

  • Recognize the challenges of designing and building multi-environment solutions.
  • Compare and contrast GKE modes of operation.
  • Describe the concepts of sameness and trust, and use them to manage fleets.
  • Identify the features and components of the GKE Enterprise technology stack.

Activities:

  • Quiz

Module 2 - GKE Enterprise architecture

Topics:

  • GKE Enterprise for Centrally Managed Clusters
  • Deploy an Enterprise Developer Platform with GKE
  • Create and Manage GKE Enterprise Clusters
  • Access GKE Enterprise Clusters

Objectives:

  • Recognize how GKE Enterprise can be used to centralize cluster management.
  • Examine the architecture of GKE Enterprise clusters.
  • Create, connect, and manage GKE Enterprise clusters.
  • Securely access GKE Enterprise clusters.

Activities:

  • Quiz

Module 3 - Fleets and teams

Topics:

  • GKE fleets
  • Example fleet solutions
  • Fleet team management
  • Fleet management

Objectives:

  • Define GKE fleets.
  • Describe how GKE fleets can solve common cluster management problems.
  • Manage fleets and teams in GKE Enterprise.
  • Detail the elements of fleet management.

Activities:

  • Quiz
  • Lab: Manage Workloads at Scale with GKE Fleets and Teams

Module 4 - Managing GKE configuration at scale

Topics:

  • Configuration management challenges
  • Centralized configuration management at scale
  • Config Sync
  • Policy Controller
  • Config Connector
  • Blueprints

Objectives:

  • Recognize the challenges of scaling multi-cluster, multi-tenant configurations.
  • Configure centralized configuration management using a GitOps model.
  • Describe the benefits and architecture of Config Sync.
  • Use Policy Controller to enforce security and compliance in GKE.
  • Create a standardized, reusable, and policy-driven foundation for Kubernetes deployments.

Activities:

  • Quiz
  • Lab: Automate GKE Configuration with Config Sync

Module 5 - Fleet networking

Topics:

  • Fleet networking communications
  • Pod discovery in GKE Enterprise
  • Multi-cluster Services
  • Configuring multi-cluster Services
  • Multi-cluster gateway
  • Configuring multi-cluster gateways

Objectives:

  • Explain how fleet networking works.
  • Describe how Pods in a Kubernetes cluster communicate with each other.
  • Enable multi-cluster Services.
  • Configure multi-cluster Services.
  • Detail the elements of fleet management.
  • Outline the role of a multi-cluster gateway.
  • Configure a multi-cluster gateway.

Activities:

  • Quiz
  • Lab: Deploying a Multi-Cluster Gateway Across GKE Clusters

Module 6 - Cloud Service Mesh

Topics:

  • Introduction to Cloud Service Mesh
  • Provisioning Cloud Service Mesh
  • Handling requests
  • Cloud Service Mesh dashboards and support

Objectives:

  • List and describe the benefits of using Cloud Service Mesh.
  • Install and configure Cloud Service Mesh on different clusters.
  • Trace the path of a request through the mesh, correctly identifying and explaining the role of key components like Envoy proxies, Mesh CA, and extensions in handling the request.
  • Create Service Mesh dashboards from workload telemetry including metrics, traces, and logs.

Activities:

  • Quiz
  • Lab: Installing Cloud Service Mesh on Google Kubernetes Engine

Module 7 - Cloud Service Mesh routing

Topics:

  • Google Cloud APIs for Cloud Service Mesh
  • Configuring Cloud Service Mesh with Istio API resources
  • Configuring VirtualService and DestinationRule
  • Configuring ServiceEntry
  • Configuring a Gateway
  • Configuring a WorkloadEntry and WorkloadGroup
  • Network resilience and testing

Objectives:

  • Explain how Cloud Service Mesh learns the network from Kubernetes.
  • Deploy mesh API resources such as the VirtualService, DestinationRule, Gateway, ServiceEntry, and the Sidecar to configure the mesh.
  • Describe how to harden the mesh network by introducing new functionality such as request retries, request timeouts, and circuit breakers.
  • Explore Service Mesh resilience by creating failures and delays on specific services.

Activities:

  • Quiz
  • Lab: Managing Traffic Flow with Cloud Service Mesh

Module 8 - Service Mesh security

Topics:

  • Authentication and encryption
  • Service authentication in the mesh
  • End-user authentication in Cloud Service Mesh
  • Authorization in Cloud Service Mesh

Objectives:

  • Encrypt traffic between microservices to prevent anyone in the network from gaining access to private information.
  • Authorize services and requests, ensuring that services access only the information they are allowed to access from other services.
  • Authenticate and authorize services and requests to verify trust among services in the mesh and among end users.
  • Limit service access in the network so that granular controls over the communication can be established.

Activities:

  • Quiz
  • Lab: Secure Cloud Service Mesh with Policy Controller and mTLS

Module 9 - Multi-cluster networking with Cloud Service Mesh

Topics:

  • Single network east-west routing
  • Multiple network east-west routing

Objectives:

  • Set up a multi-cluster mesh with a single subnet in a single VPC network. Account for variations like multi-region clusters, multiple projects, shared VPC, and private clusters.
  • Enable communication between GKE clusters on different networks using an east-west gateway and attached clusters.

Activities:

  • Quiz
  • Lab: Manage and Secure Distributed Services with GKE Managed Service Mesh

Module 10 - Managing identity for GKE Enterprise using GKE Identity Service

Topics:

  • Introduction to GKE Identity Service
  • Connect gateway overview
  • Configuring Connect gateway for authentication and authorization
  • Accessing clusters with GKE Identity Service
  • Authenticating third-party identities with GKE Identity Service
  • Fleet Workload Identity

Objectives:

  • Explain the differences between authentication methods for GKE clusters.
  • Summarize the key features of Connect gateway. Explain how it simplifies and secures connections to GKE Enterprise fleet member clusters.
  • Configure Connect gateway for authentication and authorization.
  • Securely access clusters using OpenID Connect (OIDC) and third-party identity providers (IdPs).
  • Configure GKE Identity Service to enable authentication and authorization for users using a third-party identity provider (IdP).
  • Differentiate between Workload Identity and Workload Identity Federation, and explain when to use each.

Activities:

  • Quiz
  • Lab: Managing Identity in GKE Enterprise with Connect Gateway

Module 11 - Security posture, compliance, and preventative controls

Topics:

  • GKE security posture overview
  • Security posture dashboard
  • Implementing node security
  • Vulnerability scanning
  • Additional security services

Objectives:

  • Describe GKE security posture.
  • Navigate and interpret the GKE security posture dashboard to identify security issues.
  • Analyze methods for hardening the GKE control plane, and evaluate their effectiveness in mitigating specific security risks.
  • Implement node security measures to protect GKE worker nodes from potential threats.
  • Describe the process of vulnerability scanning in GKE.
  • Apply the insights from the GKE security posture dashboard to prioritize and remediate vulnerabilities in GKE deployments.
  • Explain the roles and capabilities of Google Cloud's Artifact Analysis and Security Command Center in enhancing GKE security.

Activities:

  • Quiz

Module 12 - CI/CD at scale in GKE

Topics:

  • CI/CD in Google Cloud
  • Cloud Deploy and GKE
  • Cloud Run and Knative serving
  • CI/CD in a private network
  • Securing the software supply chain

Objectives:

  • Describe the core components of Google Cloud's CI/CD pipeline and how they address common challenges in application modernization.
  • Analyze how Google Cloud Deploy integrates with GKE to manage Kubernetes manifests and control deployments.
  • Compare and contrast the deployment strategies for Cloud Run services and jobs within GKE Enterprise.
  • Explain the steps required to establish a peered VPC connection for secure CI/CD in a private network.
  • Evaluate the various security measures and tools available within Google Cloud for securing the software supply chain.

Activities:

  • Quiz
  • Lab: Creating CI/CD Pipelines for GKE Enterprise Clusters

Module 13 - Generative AI for GKE Enterprise

Topics:

  • AI and GKE overview
  • AI model training on GKE
  • AI model serving on GKE
  • AI cost management on GKE

Objectives:

  • Explain how GKE serves as a suitable platform for large language models and the increasing demand for hardware accelerators.
  • Describe the high-level architecture of a GKE-based training platform for AI models.
  • Outline the architecture for a GKE-based model serving platform.
  • Outline different cost management strategies available when using GKE for AI/ML workloads.

Activities:

  • Quiz