* Application deployment - CI/CD tools like Cloud Build, GitLab
7648
+
* Application development - Cloud Code
7649
+
</b></details>
7650
+
7651
+
<details>
7652
+
<summary>What is the primary computing environment for Anthos to easily manage workload deployment?</summary><br><b>
7653
+
7654
+
* Google Kubernetes Engine (GKE)
7655
+
</b></details>
7656
+
7657
+
<details>
7658
+
<summary>How does Anthos handle the control plane and node components for GKE?</summary><br><b>
7659
+
7660
+
On GCP the kubernetes api-server is the only control plane component exposed to customers whilst compute engine manages
7661
+
instances in the project.
7662
+
</b></details>
7663
+
7664
+
<details>
7665
+
<summary>Which load balancing options are available?</summary><br><b>
7666
+
7667
+
* Networking load balancing for L4 and HTTP(S) Load Balancing for L7 which are both managed services that do not require
7668
+
additional configuration.
7669
+
* Ingress for Anthos which allows the ability to deploy a load balancer that serves an application across multiple clusters
7670
+
on GKE
7671
+
</b></details>
7672
+
7673
+
<details>
7674
+
<summary>Can you deploy Anthos on AWS?</summary><br><b>
7675
+
7676
+
* Yes, Anthos on AWS is now GA. For more read [here](https://cloud.google.com/anthos/gke/docs/aws)
7677
+
</b></details>
7678
+
7679
+
<details>
7680
+
<summary>List and explain the enterprise security capabilities provided by Anthos</summary><br><b>
7681
+
7682
+
* Control plane security - GCP manages and maintains the K8s control plane out of the box. The user can secure the api-server by using master authorized networks and private clusters. These allow the user to disable access on the public IP address by assigning a private IP address to the master.
7683
+
* Node security - By default workloads are provisioned on Compute engine instances that use Google's Container Optimised OS. This operating system implements a locked-down firewall, limited user accounts with root disabled and a read-only filesystem. There is a further option to enable GKE Sandbox for stronger isolation in multi-tenant deployment scenarions.
7684
+
* Network security - Within a created cluster VPC, Anthos GKE leverages a powerful software-defined network that enables simple Pod-toPod communications. Network policies allow locking down ingress and egress connections in a given namespoace. Filtering can also be implemented to incoming load-balanced traffic for services that require external access, by supplying whitelisted CIDR IP ranges.
7685
+
* Workload security - Running workloads run with limited privileges, default Docker AppArmor security policies are applied to all Kubernetes Pods. Workload identity for Anthos GKE aligns with the open source kubernetes service accounts with GCP service account permissions.
7686
+
* Audit logging - Adminstrators are given a way to retain, query, process and alert on events of the deployed environments.
7687
+
</b></details>
7688
+
7689
+
<details>
7690
+
<summary>How can workloads deployed on Anthos GKE on-prem clusters securely connect to Google Cloud services?</summary><br><b>
7691
+
7692
+
* Google Cloud Virtual Private Network (Cloud VPN) - this is for secure networking
7693
+
* Google Cloud Key Management Service (Cloud KMS) - for key management
7694
+
</b></details>
7695
+
7696
+
<details>
7697
+
<summary>What is Island Mode configuration with regards to networking in Anthos GKE deployed on-prem?</summary><br><b>
7698
+
7699
+
* This is when pods can directly talk to each other within a cluster, but cannot be reached from outside the cluster thus forming an "island" within the network that is not connected to the external network.
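Review bot: the control-plane bullet at line 7682 runs two distinct controls together. Master authorized networks restrict which source CIDR ranges may reach the API server endpoint, while a private cluster gives the control plane a private IP; disabling the public endpoint is a further private-cluster option, not something "assigning a private IP address to the master" does on its own. Suggest one sentence per control stating what it actually does. The workload bullet at 7685 reads "Running workloads run with limited privileges" and "Workload identity for Anthos GKE aligns with the open source kubernetes service accounts with GCP service account permissions"; consider "Workloads run with limited privileges ... Workload Identity maps Kubernetes service accounts to GCP service account permissions." In the answer at 7692-7693 the question asks how on-prem workloads connect securely to Google Cloud services, but Cloud KMS is a key-management service rather than a connectivity path, so say what each service contributes (Cloud VPN for the encrypted link, Cloud KMS for keys) instead of listing them as alternatives. Also fix the typos "Pod-toPod", "namespoace", "scenarions" and "Adminstrators", drop "now" from "Anthos on AWS is now GA" since it will go stale, and note that the hunk opens at 7648 with two bullets whose question sits above the visible context.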
It is a core component of the Anthos stack which provides platform, service and security operators with a single, unified approach to multi-cluster management that spans both on-premises and cloud environments. It closely follows K8s best practices, favoring declarative approaches over imperative operations, and actively monitors cluster state and applies the desired state as defined in Git. It includes three key components as follows:
7706
+
7707
+
1. An importer that reads from a central Git repository
7708
+
2. A component that synchronises stored configuration data into K8s objects
7709
+
3. A component that monitors drift between desired and actual cluster configurations with a capability of reconciliation when need rises.
7710
+
</b></details>
7711
+
7712
+
<details>
7713
+
<summary>How does Anthos Config Management help?</summary><br><b>
7714
+
7715
+
It follows common modern software development practices which makes cluster configuration, management and policy changes auditable, revertable, and versionable easily enforcing IT governance and unifying resource management in an organisation.
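Review bot: this hunk starts at line 7706 inside an answer ("It is a core component of the Anthos stack ...") while the `<details>` and `<summary>` that pose its question sit in the collapsed lines 7700-7705, and it ends at 7715 before the `</b></details>` that should close the last answer; please expand the context so the opening and closing tags of both entries can be checked, since an unbalanced `<details>` breaks rendering of every entry below it. In the component list, "with a capability of reconciliation when need rises" should read "and reconciles them when needed", and the final answer is a single run-on; suggest "It follows common modern software development practices, making cluster configuration, management and policy changes auditable, revertible and versionable, which makes IT governance easier to enforce and unifies resource management across an organisation."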