8574 Reviews (4.5 out of 5 stars)

Manage Scalable Workloads in GKE Enterprise

$2,700 USD
Duration 3 days
Course Code GCP-MAN-GKE
Available Formats Classroom

Overview

Discover how to modernize, manage, and observe applications at scale using Google Kubernetes Engine Enterprise. This course uses lectures and hands-on labs to help you explore and deploy using Google Kubernetes Engine (GKE), GKE Fleets, Cloud Service Mesh, and Config Controller capabilities that will enable you to work with modern applications, even when they are split among multiple clusters hosted by multiple providers.

Skills Gained

  • Describe the components and architecture of GKE Enterprise.
  • Identify and describe the core components of a GKE Enterprise fleet.
  • Describe how fleets discover and communicate with each other in GKE Enterprise.
  • Detail the benefits of using Service Mesh and use it to implement advanced routing and traffic management.
  • Secure traffic between microservices using Cloud Service Mesh.
  • Create multi-cluster networking architectures with Cloud Service Mesh.
  • Use authentication to effectively manage identity in GKE Enterprise.
  • Evaluate and apply various security measures to effectively protect and manage GKE deployments.
  • Evaluate options and Google Cloud products that allow you to create scalable CI/CD implementations within a GKE Enterprise environment.
  • Explore how GKE facilitates the deployment and optimization of gen AI models.

Who Can Benefit

  • Google Cloud practitioners.
  • Individuals using Google Cloud to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.

Prerequisites

  • Having completed Google Cloud Platform Fundamentals: Core Infrastructure or having equivalent experience.
  • Having completed Architecting with GKE or having equivalent experience.

Course Details

Introduction to GKE Enterprise

  • Recognize the challenges of designing and building multi-environment solutions.
  • Compare and contrast GKE modes of operation.
  • Describe the concepts of sameness and trust, and use them to manage fleets.
  • Identify the features and components of the GKE Enterprise technology stack.

GKE Enterprise architecture

  • Recognize how GKE Enterprise can be used to centralize cluster management.
  • Examine the architecture of GKE Enterprise clusters.
  • Create, connect, and manage GKE Enterprise clusters.
  • Securely access GKE Enterprise clusters.

Fleets and teams

  • Define GKE fleets.
  • Describe how GKE fleets can solve common cluster management problems.
  • Manage fleets and teams in GKE Enterprise.
  • Detail the elements of fleet management.

Managing GKE configuration at scale

  • Recognize the challenges of scaling multi-cluster, multi-tenant configurations.
  • Configure centralized configuration management using a GitOps model.
  • Describe the benefits and architecture of Config Sync.
  • Use Policy Controller to enforce security and compliance in GKE.
  • Create a standardized, reusable, and policy-driven foundation for Kubernetes deployments.

Fleet networking

  • Explain how fleet networking works.
  • Describe how Pods in a Kubernetes cluster communicate with each other.
  • Enable multi-cluster Services.
  • Configure multi-cluster Services.
  • Detail the elements of fleet management.
  • Outline the role of a multi-cluster gateway.
  • Configure a multi-cluster gateway.

Cloud Service Mesh

  • List and describe the benefits of using Cloud Service Mesh.
  • Install and configure Cloud Service Mesh on different clusters.
  • Trace the path of a request through the mesh, correctly identifying and explaining the role of key components like Envoy proxies, Mesh CA, and extensions in handling the request.
  • Create Service Mesh dashboards from workload telemetry including metrics, traces, and logs.

Cloud Service Mesh routing

  • Explain how Cloud Service Mesh learns the network from Kubernetes.
  • Deploy mesh API resources such as VirtualService, DestinationRule, Gateway, ServiceEntry, and Sidecar to configure the mesh.
  • Describe how to harden the mesh network by introducing new functionality such as request retries, request timeouts, and circuit breakers.
  • Explore Service Mesh resilience by creating failures and delays on specific services.

Service Mesh security

  • Encrypt traffic between microservices to prevent anyone in the network from gaining access to private information.
  • Authorize services and requests, ensuring that services access only the information they are allowed to access from other services.
  • Authenticate and authorize services and requests to verify trust among services in the mesh and among end users.
  • Limit service access in the network so that granular controls over the communication can be established.

Multi-cluster networking with Cloud Service Mesh

  • Set up a multi-cluster mesh with a single subnet in a single VPC network. Account for variations like multi-region clusters, multiple projects, shared VPC, and private clusters.
  • Enable communication between GKE clusters on different networks using an east-west gateway and attached clusters.

Managing identity for GKE Enterprise using GKE Identity Service

  • Explain the differences between authentication methods for GKE clusters.
  • Summarize the key features of Connect gateway. Explain how it simplifies and secures connections to GKE Enterprise fleet member clusters.
  • Configure Connect gateway for authentication and authorization.
  • Securely access clusters using OpenID Connect (OIDC) and third-party identity providers (IdPs).
  • Configure GKE Identity Service to enable authentication and authorization for users using a third-party identity provider (IdP).
  • Differentiate between Workload Identity and Workload Identity Federation, and explain when to use each.

Security posture, compliance, and preventative controls

  • Describe GKE security posture.
  • Navigate and interpret the GKE security posture dashboard to identify security issues.
  • Analyze methods for hardening the GKE control plane, and evaluate their effectiveness in mitigating specific security risks.
  • Implement node security measures to protect GKE worker nodes from potential threats.
  • Describe the process of vulnerability scanning in GKE.
  • Apply the insights from the GKE security posture dashboard to prioritize and remediate vulnerabilities in GKE deployments.
  • Explain the roles and capabilities of Google Cloud's Artifact Analysis and Security Command Center in enhancing GKE security.

CI/CD at scale in GKE

  • Describe the core components of Google Cloud's CI/CD pipeline and how they address common challenges in application modernization.
  • Analyze how Google Cloud Deploy integrates with GKE to manage Kubernetes manifests and control deployments.
  • Compare and contrast the deployment strategies for Cloud Run services and jobs within GKE Enterprise.
  • Explain the steps required to establish a peered VPC connection for secure CI/CD in a private network.
  • Evaluate the various security measures and tools available within Google Cloud for securing the software supply chain.

Generative AI for GKE Enterprise

  • Explain how GKE serves as a suitable platform for large language models and the increasing demand for hardware accelerators.
  • Describe the high-level architecture of a GKE-based training platform for AI models.
  • Outline the architecture for a GKE-based model serving platform.
  • Outline different cost management strategies available when using GKE for AI/ML workloads.

FAQ

Does the course schedule include a lunch break?

Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does Ascendient Learning deliver group training?

Yes, we provide training for groups, individuals, and private on-sites. View our group training page for more information.

What does vendor-authorized training mean?

As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.

Is the training too basic, or will you go deep into technology?

It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths is that you can start from the fundamentals and move to highly specialized training.

How up-to-date are your courses and support materials?

We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.

Are your instructors seasoned trainers who have deep knowledge of the training topic?

Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.

Do you provide hands-on training and exercises in an actual lab environment?

Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.

Will you customize the training for our company’s specific needs and goals?

We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site training at a location of your choice, and virtual training. We provide courses and certifications that are aligned with your business goals.

How do I get started with certification?

Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.

Will I get access to content after I complete a course?

You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.

How do I request a W9 for Ascendient Learning?

View our filing status and how to request a W9.

Reviews

Great and very intuitive. Better than the traditional hit the wrong button/lose points.

I like their training. A lot of material covered. The labs are very good. I learned a lot.

Provided a good amount of material and a great instructor to teach the material.

The labs and course material gave me valuable insights into cloud security architecture.

Exit Certified was great, as it is very in-depth and hands-on learning, which made it very easy to learn this type of work.