README.md
44 additions & 3 deletions
@@ -7624,6 +7624,11 @@ startap-script
7624
7624
<summary>What the following commands does? `gcloud deployment-manager deployments create`</summary><br><b>
7625
7625
</b></details>
7626
7626
7627
+
<details>
7628
+
<summary>What is Cloud Code?</summary><br><b>
7629
+
It is a set of tools to help developers write, run and debug GCP kubernetes based applications. It provides built-in support for rapid iteration, debugging and running applications in development and production K8s environments.
7630
+
</b></details>
7631
+
7627
7632
### Google Kubernetes Engine (GKE)
7628
7633
7629
7634
<details>
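Review bot: In the added "What is Cloud Code?" answer, "GCP kubernetes based applications" should be capitalised and hyphenated ("Kubernetes-based applications on GCP"), and the same answer then switches to "K8s", so pick one form for the entry. The unchanged entry directly above it, for `gcloud deployment-manager deployments create`, still has an empty answer body and a grammar slip in its summary ("What the following commands does?"); both are worth fixing while this part of the file is open.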
@@ -7688,8 +7693,8 @@ instances in the project.
7688
7693
<summary>List and explain the enterprise security capabilities provided by Anthos</summary><br><b>
7689
7694
7690
7695
* Control plane security - GCP manages and maintains the K8s control plane out of the box. The user can secure the api-server by using master authorized networks and private clusters. These allow the user to disable access on the public IP address by assigning a private IP address to the master.
7691
-
* Node security - By default workloads are provisioned on Compute engine instances that use Google's Container Optimised OS. This operating system implements a locked-down firewall, limited user accounts with root disabled and a read-only filesystem. There is a further option to enable GKE Sandbox for stronger isolation in multi-tenant deployment scenarions.
7692
-
* Network security - Within a created cluster VPC, Anthos GKE leverages a powerful software-defined network that enables simple Pod-toPod communications. Network policies allow locking down ingress and egress connections in a given namespoace. Filtering can also be implemented to incoming load-balanced traffic for services that require external access, by supplying whitelisted CIDR IP ranges.
7696
+
* Node security - By default workloads are provisioned on Compute engine instances that use Google's Container Optimised OS. This operating system implements a locked-down firewall, limited user accounts with root disabled and a read-only filesystem. There is a further option to enable GKE Sandbox for stronger isolation in multi-tenant deployment scenarios.
7697
+
* Network security - Within a created cluster VPC, Anthos GKE leverages a powerful software-defined network that enables simple Pod-to-Pod communications. Network policies allow locking down ingress and egress connections in a given namespace. Filtering can also be implemented to incoming load-balanced traffic for services that require external access, by supplying whitelisted CIDR IP ranges.
7693
7698
* Workload security - Running workloads run with limited privileges, default Docker AppArmor security policies are applied to all Kubernetes Pods. Workload identity for Anthos GKE aligns with the open source kubernetes service accounts with GCP service account permissions.
7694
7699
* Audit logging - Adminstrators are given a way to retain, query, process and alert on events of the deployed environments.
7695
7700
</b></details>
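Review bot: The typo pass over the Anthos security list stops short: the unchanged Audit logging bullet still reads "Adminstrators", and the Workload security bullet opens with "Running workloads run with limited privileges," followed by a comma splice. In the rewritten Node security line, "Compute engine" and "Container Optimised OS" are product names and should read "Compute Engine" and "Container-Optimized OS". In the Network security line, "Filtering can also be implemented to incoming load-balanced traffic" reads better as "applied to", and it would help to say that the CIDR ranges are the allowed source ranges.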
@@ -7726,7 +7731,7 @@ It follows common modern software development practices which makes cluster conf
7726
7731
<details>
7727
7732
<summary>What is Anthos Service Mesh?</summary><br><b>
7728
7733
7729
-
* It is a suite of tools that assist in monitoring and managing deployed services on Anthos of all shapes and sizes whether running in cloud, hybrid or multi-cloud environments. It leverages the APIs and core components from Istio, a highly comfigurable and open-source service mesh platform.
7734
+
* It is a suite of tools that assist in monitoring and managing deployed services on Anthos of all shapes and sizes whether running in cloud, hybrid or multi-cloud environments. It leverages the APIs and core components from Istio, a highly configurable and open-source service mesh platform.
7730
7735
</b></details>
7731
7736
7732
7737
<details>
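Review bot: The corrected line is still a one-item bullet list; since the answer is two sentences of prose, drop the leading "* " so it matches the plain-paragraph answers used for the other "What is ...?" entries added in this commit.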
@@ -7762,6 +7767,42 @@ Tool and technology integration that makes up Anthos service mesh delivers signf
7762
7767
* HTTP header-based traffic steering between individual services or versions
7763
7768
</b></details>
7764
7769
7770
+
<details>
7771
+
<summary>What is Cloud Run for Anthos?</summary><br><b>
7772
+
7773
+
It is part of the Anthos stack that brings a serverless container experience to Anthos, offering a high-level platform experience on top of K8s clusters. It is built with Knative, an open-source operator for K8s that brings serverless application serving and eventing capabilities.
7774
+
</b></details>
7775
+
7776
+
<details>
7777
+
<summary>How does Cloud Run for Anthos simplify operations?</summary><br><b>
7778
+
7779
+
Platform teams in organisations that wish to offer developers additional tools to test, deploy and run applications can use Knative to enhance this experience on Anthos as Cloud Run. Below are some of the benefits;
7780
+
7781
+
* Easy migration from K8s deployments - Without Cloud Run, platform engineers have to configure deployment, service, and HorizontalPodAutoscalers(HPA) objects to a loadbalancer and autoscaling. If application is already serving traffic it becomes hard to change configurations or roll back efficiently. Using Cloud Run all this is managed thus the Knative service manifest describes the application to be autoscaled and loadbalanced
7782
+
* Autoscaling - a sudden traffic spike may cause application containers in K8s to crash due to overload thus an efficient automated autoscaling is executed to serve the high volume of traffic
7783
+
* Networking - it has built-in load balancing capabilities and policies for traffic splitting between multiple versions of an application.
7784
+
* Releases and rollouts - supports the notion of the Knatibe API's revisions which describe new versions or different configurations of your application and canary deployments by splitting traffic.
7785
+
* Monitoring - observing and recording metrics such as latency, error rate and requests per second.
7786
+
</b></details>
7787
+
7788
+
<details>
7789
+
<summary>List and explain three high-level out of the box autoscaling primitives offered by Cloud Run for Anthos that do not exist in K8s natively</summary><br><b>
7790
+
7791
+
* Rapid, request-based autoscaling - default autoscalers monitor request metrics which allows Cloud Run for Anthos to handle spiky traffic patterns smoothly
7792
+
* Concurrency controls - limits such as max in-flight requests per container are enforced to ensure the container does not become overloaded and crash. More containers are added to handle the spiky traffic, buffering the requests.
7793
+
* Scale to zero - if an application is inactive for a while Cloud Run scales it down to zero to reduce its footprint. Alternatively one can turn off scale-to-zero to prevent cold starts.
7794
+
</b></details>
7795
+
7796
+
<details>
7797
+
<summary>List some Cloud Run for Anthos use cases</summary><br><b>
7798
+
As it does not support stateful applications or sticky sessions, it is suitable for running stateless applications such as:
7799
+
7800
+
* Machine learning model predictions e.g Tensorflow serving containers
7801
+
* API gateways, API middleware, web front ends and Microservices
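Review bot: The Releases and rollouts bullet introduces a new typo, "Knatibe API's revisions", which should be "Knative API's revisions". In the Easy migration bullet, "configure deployment, service, and HorizontalPodAutoscalers(HPA) objects to a loadbalancer and autoscaling" is missing a verb (for example "to get load balancing and autoscaling") and a space before "(HPA)". "Below are some of the benefits;" should end with a colon. In the "What is Cloud Run for Anthos?" answer, describing Knative as "an open-source operator for K8s" invites confusion with the Kubernetes Operator pattern, so "an open-source platform built on K8s" would be safer wording. Smaller points: "e.g Tensorflow" should be "e.g. TensorFlow", and the blank line after `<summary>` is present in the first three new entries but not in "List some Cloud Run for Anthos use cases".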