ACM/ASM Workshop
Welcome to the ACM/ASM Workshop!
Note
This is not an official Google workshop.
This ACM/ASM Workshop illustrates an advanced and secure setup of a platform generated from Kubernetes resources, via GitOps.
This workshop leverages 3 main services:
- Google Kubernetes Engine (GKE)
- Anthos Config Management (ACM): Config Sync, Config Controller, Policy Controller and Config Connector
- Anthos Service Mesh (ASM)
It’s a step-by-step guided hands-on lab.
After the workshop, you will be able to:
- Better understand the different services included in ACM: Config Sync, Config Controller, Policy Controller and Config Connector
- Secure a GKE cluster
- Get experience with GitOps flow to deploy Kubernetes manifests
- Deploy Infrastructure, Configs and Applications via Kubernetes manifests, via GitOps
- Define clear roles and responsibilities between Org Admin, Platform Admin and Apps Operator
- Set up a Managed ASM on GKE with a secure Ingress Gateway behind an HTTPS GCLB and Cloud Armor
- Deploy sample apps such as Whereami, Online Boutique and Bank of Anthos with security best practices including Pod Security Admission (PSA), NetworkPolicies, Sidecars and AuthorizationPolicies.
- Use external managed databases such as Memorystore (Redis) and Spanner for Online Boutique
With this workshop, here is what you will accomplish, from scratch:
Recently tested with:
- GKE 1.25.5-gke.1500
- ASM MCP 1.15.4-asm.2 + MDP 1.15.4-asm.2
- ACM 1.14.1
- Whereami 1.2.14
- Online Boutique 0.5.0
- Bank of Anthos 0.5.10