Architecting Hybrid Cloud Infrastructure with Anthos

(2 days) 

This two-day instructor-led course prepares students to modernize, manage, and observe their applications using Kubernetes whether the application is deployed on-premises or on Google Cloud Platform (GCP).

Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE Connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises. This is a continuation of Architecting with GKE and assumes hands-on experience with the technologies covered in that course.

Google Cloud Platform Training Course Objectives

This course teaches participants the following skills:

  • Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on.
  • Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver.
  • Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies.
  • Connect and manage on-premises clusters, and workloads using GKE On-Prem.
  • Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository.


This class is primarily intended for the following participants:

  • Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers , and SysOps/DevOps engineers.
  • Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.


To get the most out of this course, participants should have:

  • Completed Google Cloud Platform Fundamentals: Core Infrastructure or have equivalent experience
  • Completed Architecting with GKE or have equivalent experience

Google Cloud Platform Training Course Outline

Module 1: Anthos Overview


  • Introduce the Anthos platform Topics Covered

Topics covered:

  • Understand Hybrid environments connected using Anthos
  • Explain problems identified and addressed when using Anthos with modern solution patterns
  • Describe the components of the Anthos technology stack

Module 2: Managing Hybrid Clusters using Kubernetes Engin


  • Connect and manage Anthos GKE clusters for both Anthos on Google Cloud and on-premises clusters.

Topics Covered:

  • Understand the Anthos Compute Layer
  • Introduce the Anthos deployed on VMware cluster architecture
  • Explain the Anthos deployed on VMware components
  • Review initial networking considerations Lab: Managing Hybrid Clusters using Kubernetes Engine

Module 3: Introduction to Service Mesh


  • Understand and deploy the Istio service mesh architecture

Topics Covered:

  • Understand monolith to microservices evolution/transition and the benefits of service mesh
  • Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
  • Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy Lab A: Installing Open Source Istio on Kubernetes Engine Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine

Module 4: Observing Services using Service Mesh Adapters


  • Use Istio adapters for telemetry collection, metrics, dashboards, debugging, tracing, and visualization.

Topics Covered:

  • Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
  • Observe telemetry with dashboards using Prometheus and Grafana
  • Trace application timing through services with Jaeger
  • Observe service topologies, relationships, and live traffic using Kiali

Module 5: Manage Traffic Routing with Service Mesh


  • Configure the Istio abstract model to enable fine-grained traffic management to multiple services, with multiple subsets/versions

Topics Covered:

  • Understand the Istio control-plane Pilot component
  • Review traffic management use cases including ingress and service to service flows
  • Configure and observe multiple methods of traffic management including version-specific routing, and shifting traffic gradually from one version of a microservice to another. Lab: Manage Traffic Routing with Istio and Envoy

Module 6: Manage Policies and Security with Service Mesh


  • Describe authentication, and authorization using Istio, and Citadel whether using one cluster or many.

Topics Covered:

  • Incrementally adopt Istio security across services using mTLS
  • Configure inbound authentication from outside the service mesh Lab: Manage Policies and Security with Istio and Citadel

Module 7: Managing Policies using Anthos Config Management


  • Configure Anthos Config Management with your Git repository to ensure consistent policy enforcement across your clusters

Topics Covered:

  • Explain configuration challenges introduced when using multi-cluster topologies
  • Install Anthos Config Management, and connect your Git repository
  • Verify manual configuration changes (drift) are reversed, ensuring consistent policy
  • Update configuration using the Git repository and verify changes are applied Lab: Managing Policies in Kubernetes Engine using Anthos Config Management

Module 8: Configuring Anthos GKE for Multi-Cluster Operation


  • Understand and configure multi-cluster architectures with Istio service mesh

Topics Covered:

  • Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
  • Understand and configure DNS when locating external services
  • Understand and configure Citadel and certificates when enabling multi-cluster applications

Lab: Configuring GKE for Multi-Cluster Operation with Istio

Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation