Google Anthos in Action: Manage hybrid and multi-cloud Kubernetes clusters 9781633439573

Learn multicloud deployment on Anthos directly from the Google development team! Anthos delivers a consistent management

English Pages 498 Year 2023

Table of contents:
inside front cover
Google Anthos in Action
Copyright
contents
front matter
preface
acknowledgments
Authors
about this book
Who should read this book?
How this book is organized: A road map
liveBook discussion forum
about the lead authors
about the cover illustration
1 Overview of Anthos
1.1 Anatomy of a modern application
1.1.1 Accelerating software development
1.1.2 Standardizing operations at scale
1.2 Origins in Google
Summary
2 One single pane of glass
2.1 Single pane of glass
2.2 Non-Anthos visibility and interaction
2.2.1 Kubernetes Dashboard
2.2.2 Provider-specific UIs
2.2.3 Bespoke software
2.3 The Anthos UI
2.3.1 Fleets
2.3.2 Connect: How does it work?
2.3.3 Installation and registration
2.4 The Anthos Cloud UI
2.4.1 The Anthos dashboard
2.4.2 Service Mesh
2.4.3 Config Management
2.4.4 Clusters
2.4.5 Features
2.4.6 Migrating to containers
2.4.7 Security
2.5 Monitoring and logging
2.6 GKE dashboard
2.7 Connecting to a remote cluster
Summary
3 Computing environment built on Kubernetes
3.1 Why do you need to understand Kubernetes?
3.1.1 Technical requirements
3.1.2 History and overview
3.1.3 Managing Kubernetes clusters
3.2 Kubernetes architecture
3.2.1 Understanding the cluster layers
3.2.2 The control plane components
3.2.3 Worker node components
3.2.4 Understanding declarative and imperative
3.2.5 Understanding Kubernetes resources
3.2.6 Kubernetes resources in depth
3.2.7 Controlling Pod scheduling
3.3 Advanced topics
3.3.1 Aggregate ClusterRoles
3.3.2 Custom schedulers
3.4 Examples and case studies
3.4.1 FooWidgets Industries
Summary
4 Anthos Service Mesh: Security and observability at scale
4.1 Technical requirements
4.2 What is a service mesh?
4.3 An introduction to Istio
4.3.1 Istio architecture
4.3.2 Istio traffic management
4.3.3 Istio security
4.3.4 Istio observability
4.4 What is Anthos Service Mesh?
4.5 Installing ASM
4.5.1 Sidecar proxy injection
4.5.2 Uniform observability
4.5.3 Operational agility
4.5.4 Policy-driven security
4.6 Conclusion
4.7 Examples and case studies
4.7.1 Evermore Industries
Summary
5 Operations management
5.1 Unified user interface from Google Cloud console
5.1.1 Registering clusters to Google Cloud console
5.1.2 Authentication
5.1.3 Cluster management
5.1.4 Logging and monitoring
5.1.5 Service Mesh logging
5.1.6 Using service-level indicators and agreements
5.2 Anthos command-line management
5.2.1 Using CLI tools for GKE on-prem
5.2.2 GKE on AWS
5.3 Anthos attached clusters
5.4 Anthos on bare metal
5.5 Connect gateway
5.6 Anthos on Azure
5.6.1 Cluster management: Creation
5.6.2 Cluster management: Deletion
Summary
6 Bringing it all together
6.1 Application development
6.2 Application deployment
6.2.1 Cloud Source Repositories
6.2.2 Cloud Build
6.2.3 Artifact Registry
6.2.4 Google Cloud Marketplace
6.2.5 Migrate for Anthos
6.3 Policy enforcement
6.4 Service management
Summary
7 Hybrid applications
7.1 Highly available applications
7.1.1 Architecture
7.1.2 Benefits
7.1.3 Limitations
7.2 Geographically distributed applications
7.2.1 Ingress for Anthos architecture
7.2.2 Ingress for Anthos benefits
7.2.3 Ingress for Anthos limitations
7.3 Hybrid multicloud applications with internet access
7.3.1 Traffic Director architecture
7.3.2 Traffic Director benefits
7.3.3 Traffic Director limitations
7.4 Applications regulated by law
7.4.1 Architecture
7.4.2 Benefits
7.5 Applications that must run on the edge
7.5.1 Architecture
7.5.2 Benefits
7.5.3 Limitations
Summary
8 Working at the edge and the telco world
8.1 Evolution of telecom applications
8.1.1 Introduction to network functions virtualization
8.1.2 NFV use cases
8.1.3 Evolution to cloud native network functions
8.2 New edge applications
8.2.1 5G as the enabler of new edge applications
8.2.2 Edge computing
8.2.3 Edge application examples
8.3 Anthos as a platform for edge and telco workloads
8.3.1 Google Distributed Cloud Edge
8.3.2 Anthos capabilities for telco and edge workloads
8.3.3 Solution architecture example: Smart retail
Summary
9 Serverless compute engine (Knative)
9.1 Introduction to serverless
9.2 Knative
9.2.1 Introduction
9.2.2 Knative history
9.3 Knative architecture
9.3.1 Knative Kubernetes resource types
9.3.2 Knative Serving
9.3.3 Knative Eventing
9.3.4 Observability
9.3.5 Installing Knative
9.3.6 Deploying to Knative
Summary
10 Networking environment
10.1 Cloud networking and hybrid connectivity
10.1.1 Single-cloud deployment
10.1.2 Multi/hybrid cloud deployment
10.2 Anthos GKE networking
10.2.1 Anthos cluster networking
10.2.2 Anthos GKE IP address management
10.3 Anthos multicluster networking
10.3.1 Multicluster networking on GCP
10.3.2 Multicluster networking in hybrid and multicloud environments
10.4 Services and client connectivity
10.4.1 Client-to-Service connectivity
10.4.2 Service-to-Service connectivity
10.4.3 Service-to-external Services connectivity
Summary
11 Config Management architecture
11.1 What are we trying to solve?
11.1.1 Managing complexity
11.1.2 Transparency and inspection
11.1.3 Remediating and preventing problems
11.1.4 Bringing it together
11.2 Overview of ACM
11.2.1 ACM policy structure
11.2.2 ACM-specific objects
11.2.3 Additional components
11.3 Examples and case studies
11.3.1 Evermore Industries
11.3.2 Village Linen, LLC
11.3.3 Ambiguous Rock Feasting
11.4 Conclusions
Summary
12 Integrations with CI/CD
12.1 Introduction to CI/CD
12.1.1 Repeatability
12.1.2 Reliability
12.1.3 Reusability
12.1.4 Automated tests
12.1.5 Trunk-based development
12.1.6 Environment parity
12.1.7 Deployment automation
12.1.8 Team culture
12.1.9 Built-in security/DevSecOps
12.1.10 Version control
12.1.11 Artifact versioning
12.1.12 Monitoring
12.2 Continuous delivery vs. continuous deployment
12.3 Continuous development
12.3.1 Setting up a local preview minikube cluster
12.3.2 Continuous development with Skaffold
12.3.3 Cloud Code: Developing with a local IDE
12.3.4 Anthos Developer Sandbox: Development with a cloud native IDE
12.4 Continuous integration
12.4.1 Cloud Source Repositories
12.4.2 Artifact Registry
12.4.3 Cloud Build
12.4.4 Kustomize for generating environment-specific configuration
12.5 Continuous deployment with Cloud Deploy
12.5.1 Cloud Deploy in the Anthos CI/CD
12.5.2 Google Cloud Deploy delivery pipeline for Anthos
12.6 Modern CI/CD platform
Summary
13 Security and policies
13.1 Technical requirements
13.2 Hypervisors vs. container runtimes
13.3 Kubernetes security overview
13.3.1 Understanding Kubernetes security objects
13.3.2 Types of security
13.4 Common security concerns
13.4.1 Understanding the Policy Controller
13.4.2 Using Binary Authorization to secure the supply chain
13.4.3 Using Gatekeeper to replace PSPs
13.5 Understanding container scanning
13.5.1 Enabling container scanning
13.5.2 Adding images to your repository
13.5.3 Reviewing image vulnerabilities
13.6 Understanding container security
13.6.1 Running containers as root
13.6.2 Running privileged containers
13.7 Using ACM to secure your service mesh
13.7.1 Using ACM to enforce mutual TLS
13.8 Conclusion
13.9 Examples and case study
13.9.1 Evermore Industries
Summary
14 Marketplace
14.1 The Google Marketplace
14.1.1 Public Marketplace
14.1.2 Service Catalog
14.1.3 Deploying on a GKE on-prem cluster
14.2 Real-world scenarios
14.2.1 Example 1: Elasticsearch
14.2.2 Example 2: MariaDB
14.2.3 What we have done so far
14.2.4 Example 3: Cassandra
14.2.5 Example 4: Prometheus and Grafana
Summary
15 Migrate
15.1 Migrate for Anthos benefits
15.1.1 Density
15.1.2 Cost
15.1.3 Infrastructure
15.1.4 Automation
15.1.5 Security
15.1.6 Service management
15.1.7 Day 2 operations
15.2 Recommended workloads for migration
15.3 M4A architecture
15.3.1 Migration workflow
15.3.2 From virtual machines to containers
15.3.3 A look at the Windows environment
15.3.4 A complete view of the modernization journey
15.4 Real-world scenarios
15.4.1 Using the fit assessment tool
15.4.2 Basic migration example
15.4.3 Google Cloud console UI migration example
15.4.4 Windows migration
15.4.5 Migration from other clouds
15.5 Advanced topic: M4A best practices
15.6 Postmigration integration with CI/CD pipelines
15.7 Postmigration integration with ASM
Summary
16 Breaking the monolith
16.1 Modernizing legacy applications
16.2 Using Anthos for modernization
16.2.1 Approach to modernization
16.3 Benefits of Anthos for microservices
16.4 Real-world examples
16.5 Antipatterns to avoid
Summary
17 Compute environment running on bare metal
17.1 Introduction to Anthos on bare metal
17.1.1 Comparing Anthos on-prem deployment options
17.2 Anthos bare metal architecture
17.2.1 Cluster architecture
17.3 Installation and configuration overview
17.3.1 Operating systems and software requirements
17.3.2 Hardware capacity requirements
17.3.3 Admin workstation
17.3.4 Networking requirements
17.3.5 Google Cloud Platform requirements
17.4 Creating clusters
17.4.1 Creating an admin, hybrid, or standalone cluster
17.4.2 Creating a user cluster
17.5 Upgrading clusters
17.5.1 Upgrading an admin, standalone, or hybrid cluster
17.5.2 Upgrading a user cluster
Summary
Appendix A. Cloud is a new computing stack
A.1 Introduction
A.2 Digital Velocity and The Enterprise Dilemma
A.3 Traditional models for application development and delivery
A.3.1 Advantages and Pitfalls of Client / Server Architecture
A.3.2 Advantages and Pitfalls of Web Architecture
A.3.3 Service Oriented Architecture
A.4 Disrupting Application Delivery and The Birth of Cloud
A.4.1 Disrupting How Software is Made
A.4.2 Development Innovation at Google
A.4.3 Application Development throughout the Industry
A.4.4 Contract-first development, SOA and the evolution to Microservices
A.5 Microservices and Containers
A.5.1 Containers Enable Microservices
A.5.2 Software defined everything and DevOps
A.5.3 Cloud is the modern computing stack
A.6 Summary
Appendix B. Lessons from the field
B.1 Introduction
B.2 Some lessons from the field
B.2.1 First up - Where are you trying to go and why?
B.2.2 Get comfortable with change
B.2.3 Share experiences with others, both good and bad
B.2.4 Identify your motivations including short and long term success criteria
B.2.5 Develop meaningful metrics - publish a simple dashboard
B.2.6 Selecting your project team, tooling and getting everyone “on the bus”
B.2.7 Conduct workshops and develop an Architecture early
B.2.8 Validate your prerequisites and get your service accounts ready
B.2.9 Find design partners that can focus on “the application”
B.2.10 It’s time to get building and implement a solid foundation
B.2.11 What’s your organization's level of maturity?
B.2.12 The power of GitOps and Pipelines
B.2.13 Take a security first approach
B.2.14 The power of a Service Mesh
B.2.15 Application onboarding and migrations
B.2.16 Developer Experience and Intelligent defaults
B.2.17 Educate everyone along the way
B.2.18 Build a great front door
B.2.19 Get to Production
B.2.20 Keep looking at and testing new technology…
Appendix C. Compute environment running on VMware
C.1 Why should I use Anthos on VMware?
C.2 Anthos on VMware Architecture
C.3 Deploying the Admin workstation
C.3.1 Anthos Networking
C.3.2 GCP integration capabilities
C.4 Summary
Appendix D. Data and analytics
D.1 Portability Versus Mobility
D.1.1 Chapter Organization
D.2 Kubernetes and Storage
D.2.1 On the Emergence of a Standard
D.2.2 Container Storage Interface
D.2.3 Differentiation Behind CSI
D.3 Anthos and Storage
D.3.1 Anthos Managed Storage Drivers
D.3.2 Anthos Ready Storage Partner Program
D.3.3 Anthos Backup Services
D.3.4 Looking Ahead
D.4 BigQuery Omni Powered by Anthos
D.4.1 Giving BigQuery Access to Data in AWS
D.4.2 Capitalizing on BigQuery’s Storage Design Optimization
D.4.3 Differentiation Behind BigQuery Omni
D.4.4 Anthos Hybrid AI
D.4.5 Hybrid AI Architecture
D.4.6 Hybrid AI Solutions
D.4.7 Differentiation Behind Hybrid AI
D.5 Summary
Appendix E. An end-to-end example of ML application
E.1 The need for MLOps
E.2 ML pipeline Automation
E.3 TensorFlow Extended
E.4 Kubeflow: an introduction
E.4.1 Kubeflow deep dive
E.4.2 Kubeflow central dashboard
E.4.3 Kubeflow Pipelines
E.4.4 Hyperparameter tuning using Katib
E.5 End to End ML on Kubeflow
E.6 Vertex AI
E.6.1 Datasets
E.6.2 Training and Experiments
E.6.3 Models and Endpoint
E.6.4 Workbench
E.6.5 Vertex AI- Final words
E.7 Summary
E.7.1 References
Appendix F. Compute environment running on Windows
F.1 Windows containers
F.1.1 Two modes of runtime isolation for Windows containers
F.2 Using Windows containers
F.2.1 Good candidates for Windows workloads
F.2.2 .NET Core vs .NET Framework applications
F.2.3 Container Licensing
F.2.4 Windows container base images
F.3 How Windows containers are different from Linux containers
F.4 Windows containers on Anthos and Google Kubernetes Engine (GKE) clusters
F.4.1 Architecture of Anthos and Google Kubernetes Engine (GKE) clusters with Windows node pools
F.4.2 Unique storage, networking, and identity considerations for Anthos and Google Kubernetes Engine (GKE) Windows environments
F.4.3 Storage
F.4.4 Networking
F.4.5 Active Directory Integration
F.5 Summary
index
inside back cover
