Agenda
- Host project
- As Org Admin, create a Host project
- As Org Admin, create a Config Controller instance
- As Org Admin, set up Host project’s Git repo
- As Org Admin, enforce policies for tenant projects
- Tenant project
- As Org Admin, set up the Tenant project
- As Org Admin, set up the Tenant project’s Git repo
- As Org Admin, enforce policies for Google Cloud resources
- As Org Admin, allow Monitoring for Tenant project
- As Platform Admin, set up Monitoring in Tenant project
- Networking
- As Org Admin, allow Networking for Tenant project
- As Platform Admin, set up Network in Tenant project
- GKE cluster
- As Org Admin, allow GKE for Tenant project
- As Org Admin, enforce policies for GKE cluster resources
- As Platform Admin, create GKE cluster in Tenant project
- As Org Admin, allow Fleet for Tenant project
- As Platform Admin, set up GKE configs’ Git repo in Tenant project
- As Platform Admin, enforce Kubernetes policies with Pod Security Admission (PSA) and NetworkPolicies
- As Platform Admin, set up NetworkPolicies logging in GKE cluster
- Artifact Registry
- As Org Admin, allow Artifact Registry for Tenant project
- As Platform Admin, create Artifact Registry in Tenant project and allow GKE cluster to pull containers
- As Platform Admin, enforce policies for Artifact Registry (allowed container registries)
- Service Mesh
- As Org Admin, allow ASM for Tenant project
- As Platform Admin, install Managed ASM in GKE cluster
- As Platform Admin, set up ASM configs in GKE cluster
- As Platform Admin, enforce policies for ASM
- Ingress Gateway
- As Platform Admin, create the Public static IP address for the Ingress Gateway
- As Org Admin, allow Cloud Armor for Tenant project
- As Platform Admin, set up Cloud Armor in Tenant project
- As Platform Admin, deploy the Ingress Gateway linked to Cloud Armor in GKE cluster
- As Platform Admin, deploy NetworkPolicies for the Ingress Gateway namespace in GKE cluster
- As Platform Admin, deploy AuthorizationPolicies for the Ingress Gateway namespace in GKE cluster
- Whereami app
- As Platform Admin, set up DNS for the Whereami app
- As Platform Admin, set up URL uptime check on the Whereami app
- As Platform Admin, configure Config Sync for the Whereami app in GKE cluster
- As Apps Operator, copy Whereami container in private Artifact Registry
- As Apps Operator, deploy the Whereami app in GKE cluster
- As Apps Operator, deploy AuthorizationPolicies for the Whereami namespace in GKE cluster
- As Apps Operator, deploy NetworkPolicies for the Whereami namespace in GKE cluster
- As Apps Operator, deploy Sidecars for the Whereami namespace in GKE cluster
- Online Boutique apps
- As Platform Admin, set up DNS for the Online Boutique website
- As Platform Admin, set up URL uptime check on the Online Boutique website
- As Platform Admin, allow Config Sync for the Online Boutique apps in GKE cluster
- As Platform Admin, configure Config Sync for the Online Boutique apps in GKE cluster
- As Apps Operator, copy Online Boutique containers in private Artifact Registry
- As Apps Operator, deploy the Online Boutique apps in GKE cluster
- As Apps Operator, deploy AuthorizationPolicies for the Online Boutique namespace in GKE cluster
- As Apps Operator, deploy NetworkPolicies for the Online Boutique namespace in GKE cluster
- As Apps Operator, deploy Sidecars for the Online Boutique namespace in GKE cluster
- Memorystore (Redis)
- As Org Admin, allow Memorystore (Redis) for Tenant project
- As Org Admin, enforce policies for Memorystore (Redis) resources
- As Platform Admin, create Memorystore (Redis) instances with and without TLS in Tenant project
- As Apps Operator, configure Online Boutique apps to use Memorystore (Redis) instance
- As Apps Operator, secure Online Boutique apps to access Memorystore (Redis) instance via TLS
- Spanner
- As Org Admin, allow Spanner for Tenant project
- As Platform Admin, create Spanner instance in Tenant project
- As Apps Operator, configure Online Boutique apps to use Spanner instance
- Bank of Anthos apps
- As Platform Admin, set up DNS for the Bank of Anthos website
- As Platform Admin, set up URL uptime check on the Bank of Anthos website
- As Platform Admin, configure Config Sync for the Bank of Anthos apps in GKE cluster
- As Apps Operator, copy Bank of Anthos containers in private Artifact Registry
- As Apps Operator, deploy the Bank of Anthos apps in GKE cluster
- As Apps Operator, deploy AuthorizationPolicies for the Bank of Anthos namespace in GKE cluster
- As Apps Operator, deploy NetworkPolicies for the Bank of Anthos namespace in GKE cluster
- As Apps Operator, deploy Sidecars for the Bank of Anthos namespace in GKE cluster
- Monitoring & Audit
- As Platform Admin, verify ASM versions
- As Apps Operator, monitor apps security
- As Apps Operator, monitor apps health
- As Apps Operator, trace apps
- As Apps Operator, monitor Cloud Armor (WAF) rules
- As Apps Operator, scan workloads and configurations
- As Apps Operator, monitor resources synced by Config Sync
- As Apps Operator, monitor policy violations by Policy Controller
- As Apps Operator, monitor URL uptime checks