Manage Scalable Workloads in GKE Enterprise

Learning Track

Kubernetes, Hybrid, and Multi-Cloud

Delivery methods

On-Site, Virtual

Duration

3 days

Discover how to modernize, manage, and observe applications at scale using Google Kubernetes Engine Enterprise. This course uses lectures and hands-on labs to help you explore and deploy using Google Kubernetes Engine (GKE), GKE Fleets, Cloud Service Mesh, and Config Controller capabilities that will enable you to work with modern applications, even when they are split among multiple clusters hosted by multiple providers.

Course objectives

  • Describe the components and architecture of GKE Enterprise.
  • Identify and describe the core components of a GKE Enterprise fleet.
  • Describe how fleets discover and communicate with each other in GKE Enterprise.
  • Detail the benefits of using Service Mesh and use it to implement advanced routing and traffic management.
  • Secure traffic between microservices using Cloud Service Mesh.
  • Create multi-cluster networking architectures with Cloud Service Mesh.
  • Use authentication to effectively manage identity in GKE Enterprise.
  • Evaluate and apply various security measures to effectively protect and manage GKE deployments.
  • Evaluate options and Google Cloud products that allow you to create scalable CI/CD implementations within a GKE Enterprise environment.
  • Explore how GKE facilitates the deployment and optimization of gen AI models.

Audience

  • Google Cloud practitioners.
  • Individuals using Google Cloud to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.

Prerequisites

Having completed Google Cloud Platform Fundamentals: Core Infrastructure or having equivalent experience. Having completed Architecting with GKE or having equivalent experience.

Course outline

  • Recognize the challenges of designing and building multi-environment solutions.
  • Compare and contrast GKE modes of operation.
  • Describe the concepts of sameness and trust, and use them to manage fleets.
  • Identify the features and components of the GKE Enterprise technology stack.
  • Recognize how GKE Enterprise can be used to centralize cluster management.
  • Examine the architecture of GKE Enterprise clusters.
  • Create, connect, and manage GKE Enterprise clusters.
  • Securely access GKE Enterprise clusters.
  • Define GKE fleets.
  • Describe how GKE fleets can solve common cluster management problems.
  • Manage fleets and teams in GKE Enterprise.
  • Detail the elements of fleet management.
  • Lab: Manage Workloads at Scale with GKE Fleets and Teams
  • Recognize the challenges of scaling multi-cluster, multi-tenant configurations.
  • Configure a centralized configuration management using a GitOps model.
  • Describe the benefits and architecture of Config Sync.
  • Use Policy Controller to enforce security and compliance in GKE.
  • Create a standardized, reusable, and policy-driven foundation for Kubernetes deployments.
  • Lab: Automate GKE Configuration with Config Sync
  • Explain how fleet networking works.
  • Describe how Pods in a Kubernetes cluster communicate with each other.
  • Enable multi-cluster Services.
  • Configure multi-cluster Services.
  • Detail the elements of fleet management.
  • Outline the role of a multi-cluster gateway.
  • Configure a multi-cluster gateway.
  • Lab: Deploying a Multi-Cluster Gateway Across GKE Clusters
  • List and describe the benefits of using Cloud Service Mesh.
  • Install and configure Cloud Service Mesh on different clusters.
  • Trace the path of a request through the mesh, correctly identifying and explaining the role of key components like Envoy proxies, Mesh CA, and extensions in handling the request.
  • Create Service Mesh dashboards from workload telemetry including metrics, traces, and logs.
  • Lab: Installing Cloud Service Mesh on Google Kubernetes Engine
  • Explain how Cloud Service Mesh learns the network from Kubernetes.
  • Deploy mesh API resources such as the VirtualService, DestinationRule, Gateway, Service Entry, and the Sidecar to configure the mesh.
  • Describe how to harden the mesh network by introducing new functionality such as request retries, request timeouts, and circuit breakers.
  • Explore Service Mesh resilience by creating failures and delays on specific services.
  • Lab: Managing Traffic Flow with Cloud Service Mesh
  • Encrypt traffic between microservices to prevent anyone in the network from gaining access to private information.
  • Authorize services and requests, ensuring that services access only the information they are allowed to access from other services.
  • Authenticate and authorize services and requests to verify trust among services in the mesh and among end users.
  • Limit service access in the network so that granular controls over the communication can be established.
  • Lab: Secure Cloud Service Mesh with Policy Controller and mTLS
  • Set up a multi-cluster mesh with a single subnet in a single VPC network. Account for variations like multi-region clusters, multiple projects, shared VPC, and private clusters.
  • Enable communication between GKE clusters on different networks using an east-west gateway and attached clusters.
  • Lab: Manage and Secure Distributed Services with GKE Managed Service Mesh
  • Explain the differences between authentication methods for GKE clusters.
  • Summarize the key features of Connect gateway. Explain how it simplifies and secures connections to GKE Enterprise fleet member clusters.
  • Configure Connect gateway for authentication and authorization.
  • Securely access clusters using OpenID Connect (OIDC) and third-party identity providers (IdPs).
  • Configure GKE Identity Service to enable authentication and authorization for users using a third-party identity provider (IdP).
  • Differentiate between Workload Identity and Workload Identity Federation, and explain when to use each.
  • Lab: Managing Identity in GKE Enterprise with Connect Gateway
  • Describe GKE security posture.
  • Navigate and interpret the GKE security posture dashboard to identify security issues.
  • Analyze methods for hardening the GKE control plane, and evaluate their effectiveness in mitigating specific security risks.
  • Implement node security measures to protect GKE worker nodes from potential threats.
  • Describe the process of vulnerability scanning in GKE.
  • Apply the insights from the GKE security posture dashboard to prioritize and remediate vulnerabilities in GKE deployments.
  • Explain the roles and capabilities of Google Cloud's Artifact Analysis and Security Command Center in enhancing GKE security.
  • Describe the core components of Google Cloud's CI/CD pipeline and how they address common challenges in application modernization.
  • Analyze how Google Cloud Deploy integrates with GKE to manage Kubernetes manifests and control deployments.
  • Compare and contrast the deployment strategies for Cloud Run services and jobs within GKE Enterprise.
  • Explain the steps required to establish a peered VPC connection for secure CI/CD in a private network.
  • Evaluate the various security measures and tools available within Google Cloud for securing the software supply chain.
  • Lab: Creating CI/CD Pipelines for GKE Enterprise Clusters
  • Explain how GKE serves as a suitable platform for large language models and the increasing demand for hardware accelerators.
  • Describe the high-level architecture of a GKE-based training platform for AI models.
  • Outline the architecture for a GKE-based model serving platform.
  • Outline different cost management strategies available when using GKE for AI/ML workloads.
