Manage Scalable Workloads in GKE Enterprise

Manage Scalable Workloads in GKE EnterpriseMSWGKEGOGoogleGO-MSWGKE1.0<ul> <li>Describe the components and architecture of GKE Enterprise.</li><li>Identify and describe the core components of a GKE Enterprise fleet.</li><li>Describe how fleets discover and communicate with each other in GKE Enterprise.</li><li>Detail the benefits of using Service Mesh and use it to implement advanced routing and traffic management.</li><li>Secure traffic between microservices using Cloud Service Mesh.</li><li>Create multi-cluster networking architectures with Cloud Service Mesh.</li><li>Use authentication to effectively manage identity in GKE Enterprise.</li><li>Evaluate and apply various security measures to effectively protect and manage GKE deployments.</li><li>Evaluate options and Google Cloud products that allow you to create scalable CI/CD implementations within a GKE Enterprise environment.</li><li>Explore how GKE facilitates the deployment and optimization of gen AI models.</li></ul><ul> <li>Having completed Google Cloud Platform Fundamentals: Core Infrastructure or having equivalent experience.</li><li>Having completed Architecting with GKE or having equivalent experience.</li></ul><ul> <li>Google Cloud practitioners.</li><li>Individuals using Google Cloud to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.</li></ul><h4>Module 1 - Introduction to GKE Enterprise</h4> Topics: <ul> <li>Multi-cloud and multi-cluster overview</li><li>GKE Enterprise introduction</li><li>Sameness and trust</li><li>GKE Enterprise features</li></ul> Objectives: <ul> <li>Recognize the challenges of designing and building multi-environment solutions.</li><li>Compare and contrast GKE modes of operation.</li><li>Describe the concepts of sameness and trust, and use them to manage fleets.</li><li>Identify the features and components of the GKE Enterprise technology stack.</li></ul> Activities: <ul> <li>Quiz</li></ul><h4>Module 2 - GKE Enterprise architecture</h4> Topics: <ul> <li>GKE Enterprise for Centrally Managed Clusters</li><li>Deploy an Enterprise Developer Platform with GKE</li><li>Create and Manage GKE Enterprise Clusters</li><li>Access GKE Enterprise Clusters</li></ul> Objectives: <ul> <li>Recognize how GKE Enterprise can be used to centralize cluster management.</li><li>Examine the architecture of GKE Enterprise clusters.</li><li>Create, connect, and manage GKE Enterprise clusters.</li><li>Securely access GKE Enterprise clusters.</li></ul> Activities: <ul> <li>Quiz</li></ul><h4>Module 3 - Fleets and teams</h4> Topics: <ul> <li>GKE fleets</li><li>Example fleet solutions</li><li>Fleet team management</li><li>Fleet management</li></ul> Objectives: <ul> <li>Define GKE fleets.</li><li>Describe how GKE fleets can solve common cluster management problems.</li><li>Manage fleets and teams in GKE Enterprise.</li><li>Detail the elements of fleet management.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Manage Workloads at Scale with GKE Fleets and Teams</li></ul><h4>Module 4 - Managing GKE configuration at scale</h4> Topics: <ul> <li>Configuration management challenges</li><li>Centralized configuration management at scale</li><li>Config Sync</li><li>Policy Controller</li><li>Config Connector</li><li>Blueprints</li></ul> Objectives: <ul> <li>Recognize the challenges of scaling multi-cluster, multi-tenant configurations.</li><li>Configure a centralized configuration management using a GitOps model.</li><li>Describe the benefits and architecture of Config Sync.</li><li>Use Policy Controller to enforce security and compliance in GKE.</li><li>Create a standardized, reusable, and policy-driven foundation for Kubernetes deployments.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Automate GKE Configuration with Config Sync</li></ul><h4>Module 5 - Fleet networking</h4> Topics: <ul> <li>Fleet networking communications</li><li>Pod discovery in GKE Enterprise</li><li>Multi-cluster Services</li><li>Configuring multi-cluster Services</li><li>Multi-cluster gateway</li><li>Configuring multi-cluster gateways</li></ul> Objectives: <ul> <li>Explain how fleet networking works.</li><li>Describe how Pods in a Kubernetes cluster communicate with each other.</li><li>Enable multi-cluster Services.</li><li>Configure multi-cluster Services.</li><li>Detail the elements of fleet management.</li><li>Outline the role of a multi-cluster gateway.</li><li>Configure a multi-cluster gateway.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Deploying a Multi-Cluster Gateway Across GKE Clusters</li></ul><h4>Module 6 - Cloud Service Mesh</h4> Topics: <ul> <li>Introduction to Cloud Service Mesh</li><li>Provisioning Cloud Service Mesh</li><li>Handling requests</li><li>Cloud Service Mesh dashboards and support</li></ul> Objectives: <ul> <li>List and describe the benefits of using Cloud Service Mesh.</li><li>Install and configure Cloud Service Mesh on different clusters.</li><li>Trace the path of a request through the mesh, correctly identifying and explaining the role of key components like Envoy proxies, Mesh CA, and extensions in handling the request.</li><li>Create Service Mesh dashboards from workload telemetry including metrics, traces, and logs.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Installing Cloud Service Mesh on Google Kubernetes Engine</li></ul><h4>Module 7 - Cloud Service Mesh routing</h4> Topics: <ul> <li>Google Cloud APIs for Cloud Service Mesh</li><li>Configuring Cloud Service Mesh with Istio API resources</li><li>Configuring VirtualService and DestinationRule</li><li>Configuring ServiceEntry</li><li>Configuring a Gateway</li><li>Configuring a WorkloadEntry and WorkloadGroup</li><li>Network resilience and testing</li></ul> Objectives: <ul> <li>Explain how Cloud Service Mesh learns the network from Kubernetes.</li><li>Deploy mesh API resources such as the VirtualService, DestinationRule, Gateway, ServiceEntry, and the Sidecar to configure the mesh.</li><li>Describe how to harden the mesh network by introducing new functionality such as request retries, request timeouts, and circuit breakers.</li><li>Explore Service Mesh resilience by creating failures and delays on specific services.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Managing Traffic Flow with Cloud Service Mesh</li></ul><h4>Module 8 - Service Mesh security</h4> Topics: <ul> <li>Authentication and encryption</li><li>Service authentication in the mesh</li><li>End-user authentication in Cloud Service Mesh</li><li>Authorization in Cloud Service Mesh</li></ul> Objectives: <ul> <li>Encrypt traffic between microservices to prevent anyone in the network from gaining access to private information.</li><li>Authorize services and requests, ensuring that services only access the information that is allowed access from other services.</li><li>Authenticate and authorize services and requests to verify trust among services in the mesh and among end users.</li><li>Limit service access in the network so that granular controls over the communication can be established.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Secure Cloud Service Mesh with Policy Controller and mTLS</li></ul><h4>Module 9 - Multi-cluster networking with Cloud Service Mesh</h4> Topics: <ul> <li>Single network east-west routing</li><li>Multiple network east-west routing</li></ul> Objectives: <ul> <li>Set up a multi-cluster mesh with a single subnet in a single VPC network. Account for variations like multi-region clusters, multiple projects, shared VPC, and private clusters.</li><li>Enable communication between GKE clusters on different networks using an east-west gateway and attached clusters.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Manage and Secure Distributed Services with GKE Managed Service Mesh</li></ul><h4>Module 10 - Managing identity for GKE Enterprise using GKE Identity Service</h4> Topics: <ul> <li>Introduction to GKE Identity Service</li><li>Connect gateway overview</li><li>Configuring connect gateway for authentication and authorization</li><li>Accessing clusters with GKE Identity Service</li><li>Authenticating third-party identities with GKE Identity Service</li><li>Fleet Workload Identity</li></ul> Objectives: <ul> <li>Explain the differences between authentication methods for GKE clusters.</li><li>Summarize the key features of Connect gateway. Explain how it simplifies and secures connections to GKE Enterprise fleet member clusters.</li><li>Configure Connect gateway for authentication and authorization.</li><li>Securely access clusters using OpenID Connect (OIDC) and third-party identity providers (IdPs).</li><li>Configure GKE Identity Service to enable authentication and authorization for users using a third-party identity provider (IdP).</li><li>Differentiate between Workload Identity and Workload Identity Federation, and explain when to use each.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Managing Identity in GKE Enterprise with Connect Gateway</li></ul><h4>Module 11 - Security posture, compliance, and preventative controls</h4> Topics: <ul> <li>GKE security posture overview</li><li>Security posture dashboard</li><li>Implementing node security</li><li>Vulnerability scanning</li><li>Additional security services</li></ul> Objectives: <ul> <li>Describe GKE security posture.</li><li>Navigate and interpret the GKE security posture dashboard to identify security issues.</li><li>Analyze methods for hardening the GKE control plane, and evaluate their effectiveness in mitigating specific security risks.</li><li>Implement node security measures to protect GKE worker nodes from potential threats.</li><li>Describe the process of vulnerability scanning in GKE.</li><li>Apply the insights from the GKE security posture dashboard to prioritize and remediate vulnerabilities in GKE deployments.</li><li>Explain the roles and capabilities of Google Cloud's Artifact Analysis and Security Command Center in enhancing GKE security.</li></ul> Activities: <ul> <li>Quiz</li></ul><h4>Module 12 - CI/CD at scale in GKE</h4> Topics: <ul> <li>CI/CD in Google Cloud</li><li>Cloud Deploy and GKE</li><li>Cloud Run and Knative serving</li><li>CI/CD in a private network</li><li>Securing the software supply chain</li></ul> Objectives: <ul> <li>Describe the core components of Google Cloud's CI/CD pipeline and how they address common challenges in application modernization.</li><li>Analyze how Google Cloud Deploy integrates with GKE to manage Kubernetes manifests and control deployments.</li><li>Compare and contrast the deployment strategies for Cloud Run services and jobs within GKE Enterprise.</li><li>Explain the steps required to establish a peered VPC connection for secure CI/CD in a private network.</li><li>Evaluate the various security measures and tools available within Google Cloud for securing the software supply chain.</li></ul> Activities: <ul> <li>Quiz</li><li>Lab: Creating CI/CD Pipelines for GKE Enterprise Clusters</li></ul><h4>Module 13 - Generative AI for GKE Enterprise</h4> Topics: <ul> <li>AI and GKE overview</li><li>AI model training on GKE</li><li>AI model serving on GKE</li><li>AI cost management on GKE</li></ul> Objectives: <ul> <li>Explain how GKE serves as a suitable platform for large language models and the increasing demand for hardware accelerators.</li><li>Describe the high-level architecture of a GKE-based training platform for AI models.</li><li>Outline the architecture for a GKE-based model serving platform.</li><li>Outline different cost management strategies available when using GKE for AI/ML workloads.</li></ul> Activities: <ul> <li>Quiz</li></ul>- Describe the components and architecture of GKE Enterprise. - Identify and describe the core components of a GKE Enterprise fleet. - Describe how fleets discover and communicate with each other in GKE Enterprise. - Detail the benefits of using Service Mesh and use it to implement advanced routing and traffic management. - Secure traffic between microservices using Cloud Service Mesh. - Create multi-cluster networking architectures with Cloud Service Mesh. - Use authentication to effectively manage identity in GKE Enterprise. - Evaluate and apply various security measures to effectively protect and manage GKE deployments. - Evaluate options and Google Cloud products that allow you to create scalable CI/CD implementations within a GKE Enterprise environment. - Explore how GKE facilitates the deployment and optimization of gen AI models.- Having completed Google Cloud Platform Fundamentals: Core Infrastructure or having equivalent experience. - Having completed Architecting with GKE or having equivalent experience.- Google Cloud practitioners. - Individuals using Google Cloud to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.Module 1 - Introduction to GKE Enterprise Topics: - Multi-cloud and multi-cluster overview - GKE Enterprise introduction - Sameness and trust - GKE Enterprise features Objectives: - Recognize the challenges of designing and building multi-environment solutions. - Compare and contrast GKE modes of operation. - Describe the concepts of sameness and trust, and use them to manage fleets. - Identify the features and components of the GKE Enterprise technology stack. Activities: - Quiz Module 2 - GKE Enterprise architecture Topics: - GKE Enterprise for Centrally Managed Clusters - Deploy an Enterprise Developer Platform with GKE - Create and Manage GKE Enterprise Clusters - Access GKE Enterprise Clusters Objectives: - Recognize how GKE Enterprise can be used to centralize cluster management. - Examine the architecture of GKE Enterprise clusters. - Create, connect, and manage GKE Enterprise clusters. - Securely access GKE Enterprise clusters. Activities: - Quiz Module 3 - Fleets and teams Topics: - GKE fleets - Example fleet solutions - Fleet team management - Fleet management Objectives: - Define GKE fleets. - Describe how GKE fleets can solve common cluster management problems. - Manage fleets and teams in GKE Enterprise. - Detail the elements of fleet management. Activities: - Quiz - Lab: Manage Workloads at Scale with GKE Fleets and Teams Module 4 - Managing GKE configuration at scale Topics: - Configuration management challenges - Centralized configuration management at scale - Config Sync - Policy Controller - Config Connector - Blueprints Objectives: - Recognize the challenges of scaling multi-cluster, multi-tenant configurations. - Configure a centralized configuration management using a GitOps model. - Describe the benefits and architecture of Config Sync. - Use Policy Controller to enforce security and compliance in GKE. - Create a standardized, reusable, and policy-driven foundation for Kubernetes deployments. Activities: - Quiz - Lab: Automate GKE Configuration with Config Sync Module 5 - Fleet networking Topics: - Fleet networking communications - Pod discovery in GKE Enterprise - Multi-cluster Services - Configuring multi-cluster Services - Multi-cluster gateway - Configuring multi-cluster gateways Objectives: - Explain how fleet networking works. - Describe how Pods in a Kubernetes cluster communicate with each other. - Enable multi-cluster Services. - Configure multi-cluster Services. - Detail the elements of fleet management. - Outline the role of a multi-cluster gateway. - Configure a multi-cluster gateway. Activities: - Quiz - Lab: Deploying a Multi-Cluster Gateway Across GKE Clusters Module 6 - Cloud Service Mesh Topics: - Introduction to Cloud Service Mesh - Provisioning Cloud Service Mesh - Handling requests - Cloud Service Mesh dashboards and support Objectives: - List and describe the benefits of using Cloud Service Mesh. - Install and configure Cloud Service Mesh on different clusters. - Trace the path of a request through the mesh, correctly identifying and explaining the role of key components like Envoy proxies, Mesh CA, and extensions in handling the request. - Create Service Mesh dashboards from workload telemetry including metrics, traces, and logs. Activities: - Quiz - Lab: Installing Cloud Service Mesh on Google Kubernetes Engine Module 7 - Cloud Service Mesh routing Topics: - Google Cloud APIs for Cloud Service Mesh - Configuring Cloud Service Mesh with Istio API resources - Configuring VirtualService and DestinationRule - Configuring ServiceEntry - Configuring a Gateway - Configuring a WorkloadEntry and WorkloadGroup - Network resilience and testing Objectives: - Explain how Cloud Service Mesh learns the network from Kubernetes. - Deploy mesh API resources such as the VirtualService, DestinationRule, Gateway, ServiceEntry, and the Sidecar to configure the mesh. - Describe how to harden the mesh network by introducing new functionality such as request retries, request timeouts, and circuit breakers. - Explore Service Mesh resilience by creating failures and delays on specific services. Activities: - Quiz - Lab: Managing Traffic Flow with Cloud Service Mesh Module 8 - Service Mesh security Topics: - Authentication and encryption - Service authentication in the mesh - End-user authentication in Cloud Service Mesh - Authorization in Cloud Service Mesh Objectives: - Encrypt traffic between microservices to prevent anyone in the network from gaining access to private information. - Authorize services and requests, ensuring that services only access the information that is allowed access from other services. - Authenticate and authorize services and requests to verify trust among services in the mesh and among end users. - Limit service access in the network so that granular controls over the communication can be established. Activities: - Quiz - Lab: Secure Cloud Service Mesh with Policy Controller and mTLS Module 9 - Multi-cluster networking with Cloud Service Mesh Topics: - Single network east-west routing - Multiple network east-west routing Objectives: - Set up a multi-cluster mesh with a single subnet in a single VPC network. Account for variations like multi-region clusters, multiple projects, shared VPC, and private clusters. - Enable communication between GKE clusters on different networks using an east-west gateway and attached clusters. Activities: - Quiz - Lab: Manage and Secure Distributed Services with GKE Managed Service Mesh Module 10 - Managing identity for GKE Enterprise using GKE Identity Service Topics: - Introduction to GKE Identity Service - Connect gateway overview - Configuring connect gateway for authentication and authorization - Accessing clusters with GKE Identity Service - Authenticating third-party identities with GKE Identity Service - Fleet Workload Identity Objectives: - Explain the differences between authentication methods for GKE clusters. - Summarize the key features of Connect gateway. Explain how it simplifies and secures connections to GKE Enterprise fleet member clusters. - Configure Connect gateway for authentication and authorization. - Securely access clusters using OpenID Connect (OIDC) and third-party identity providers (IdPs). - Configure GKE Identity Service to enable authentication and authorization for users using a third-party identity provider (IdP). - Differentiate between Workload Identity and Workload Identity Federation, and explain when to use each. Activities: - Quiz - Lab: Managing Identity in GKE Enterprise with Connect Gateway Module 11 - Security posture, compliance, and preventative controls Topics: - GKE security posture overview - Security posture dashboard - Implementing node security - Vulnerability scanning - Additional security services Objectives: - Describe GKE security posture. - Navigate and interpret the GKE security posture dashboard to identify security issues. - Analyze methods for hardening the GKE control plane, and evaluate their effectiveness in mitigating specific security risks. - Implement node security measures to protect GKE worker nodes from potential threats. - Describe the process of vulnerability scanning in GKE. - Apply the insights from the GKE security posture dashboard to prioritize and remediate vulnerabilities in GKE deployments. - Explain the roles and capabilities of Google Cloud's Artifact Analysis and Security Command Center in enhancing GKE security. Activities: - Quiz Module 12 - CI/CD at scale in GKE Topics: - CI/CD in Google Cloud - Cloud Deploy and GKE - Cloud Run and Knative serving - CI/CD in a private network - Securing the software supply chain Objectives: - Describe the core components of Google Cloud's CI/CD pipeline and how they address common challenges in application modernization. - Analyze how Google Cloud Deploy integrates with GKE to manage Kubernetes manifests and control deployments. - Compare and contrast the deployment strategies for Cloud Run services and jobs within GKE Enterprise. - Explain the steps required to establish a peered VPC connection for secure CI/CD in a private network. - Evaluate the various security measures and tools available within Google Cloud for securing the software supply chain. Activities: - Quiz - Lab: Creating CI/CD Pipelines for GKE Enterprise Clusters Module 13 - Generative AI for GKE Enterprise Topics: - AI and GKE overview - AI model training on GKE - AI model serving on GKE - AI cost management on GKE Objectives: - Explain how GKE serves as a suitable platform for large language models and the increasing demand for hardware accelerators. - Describe the high-level architecture of a GKE-based training platform for AI models. - Outline the architecture for a GKE-based model serving platform. - Outline different cost management strategies available when using GKE for AI/ML workloads. Activities: - Quiz3 jours1995.002753.001995.001950.001995.001995.001995.001995.00