ACM/ASM Workshop

Welcome to the ACM/ASM Workshop!

Note

This is not an official Google workshop.

This ACM/ASM Workshop illustrates an advanced and secure setup of a platform generated from Kubernetes resources, via GitOps.

This workshop leverages 3 main services:

  • Google Kubernetes Engine (GKE)
  • Anthos Config Management (ACM): Config Sync, Config Controller, Policy Controller and Config Connector
  • Anthos Service Mesh (ASM)

It’s a step-by-step guided hands-on lab.

After the workshop, you will be able to:

  • Better understand the different services included in ACM: Config Sync, Config Controller, Policy Controller and Config Connector
  • Secure a GKE cluster
  • Get experience with the GitOps flow to deploy Kubernetes manifests
  • Deploy Infrastructure, Configs and Applications via Kubernetes manifests, via GitOps
  • Define clear roles and responsibilities between Org Admin, Platform Admin and Apps Operator
  • Set up a Managed ASM on GKE with a secure Ingress Gateway behind an HTTPS GCLB and Cloud Armor
  • Deploy sample apps such as Whereami, Online Boutique and Bank of Anthos with security best practices including Pod Security Admission (PSA), NetworkPolicies, Sidecars and AuthorizationPolicies
  • Use external managed databases such as Memorystore (Redis) and Spanner for Online Boutique

With this workshop, here is what you will accomplish, from scratch:

[Figure: Workshop Architecture diagram]

Recently tested with:

  • GKE 1.25.5-gke.1500
  • ASM MCP 1.15.4-asm.2 + MDP 1.15.4-asm.2
  • ACM 1.14.1
  • Whereami 1.2.14
  • Online Boutique 0.5.0
  • Bank of Anthos 0.5.10