
GCP Kubernetes


48 cards — 🟢 13 easy | 🟡 14 medium | 🔴 10 hard

🟢 Easy (13)

1. List and explain the enterprise security capabilities provided by Anthos

* Control plane security - GCP manages and maintains the K8s control plane out of the box. The user can secure the api-server by using master authorized networks and private clusters. These allow the user to disable access on the public IP address by assigning a private IP address to the master.

2. What is Anthos Service Mesh?

* It is a suite of tools that assist in monitoring and managing services of all shapes and sizes deployed on Anthos, whether running in cloud, hybrid or multi-cloud environments. It leverages the APIs and core components from Istio, a highly configurable and open-source service mesh platform.

3. What is Google Cloud Code and how does it help Kubernetes development?

It is a set of tools to help developers write, run and debug GCP Kubernetes-based applications. It provides built-in support for rapid iteration, debugging and running applications in development and production K8s environments.

4. What is Google Anthos and what multi-cloud capabilities does it provide?

It is a managed application platform for organisations, such as enterprises, that require quick modernisation and certain levels of consistency for their legacy applications in a hybrid or multi-cloud world. From this explanation, the core ideas can be drawn from these statements:

5. What are the components of the managed control plane of Anthos Service Mesh?

1. Traffic Director - it is GCP's fully managed service mesh traffic control plane, responsible for translating Istio API objects into configuration information for the distributed proxies, as well as directing service mesh ingress and egress traffic.

6. List some Cloud Run for Anthos use cases

As it does not support stateful applications or sticky sessions, it is suitable for running stateless applications such as:

* Machine learning model predictions, e.g. TensorFlow Serving containers
* API gateways, API middleware, web front ends and microservices
* Event handlers, ETL

7. What is Island Mode configuration with regards to networking in Anthos GKE deployed on-prem?

* This is when pods can directly talk to each other within a cluster but cannot be reached from outside the cluster, thus forming an "island" within the network that is not connected to the external network.

8. What is Google Kubernetes Engine (GKE) and what does it provide?

* It is the managed Kubernetes service on GCP for deploying, managing and scaling containerised applications using Google infrastructure.

Remember: GKE = managed K8s. Google manages the control plane (API server, etcd, scheduler). You manage worker nodes (or use Autopilot for fully managed).

Gotcha: GKE Standard vs Autopilot: Standard = you manage nodes, Autopilot = Google manages nodes and charges per-pod.

9. What is Cloud Run for Anthos?

It is the part of the Anthos stack that brings a serverless container experience to Anthos, offering a high-level platform experience on top of K8s clusters. It is built with Knative, an open-source operator for K8s that brings serverless application serving and eventing capabilities.

10. List and explain three high-level, out-of-the-box autoscaling primitives offered by Cloud Run for Anthos that do not exist natively in K8s

* Rapid, request-based autoscaling - the default autoscalers monitor request metrics, which allows Cloud Run for Anthos to handle spiky traffic patterns smoothly

Remember: Cloud Run for Anthos adds serverless abstractions (scale-to-zero, request-based autoscaling, rapid cold start) on top of K8s.

Gotcha: Scale-to-zero means cold starts. For latency-sensitive workloads, set minScale >= 1.

11. What are labels in Kubernetes and how are they used for organization?

You can think of labels in GCP as sticky notes that you attach to different GCP resources. That makes it easier, for example, to search for specific resources (such as applying the label "web-app" and then searching for all the resources that are related in some way to "web-app").

12. What is the primary computing environment for Anthos to easily manage workload deployment?

* Google Kubernetes Engine (GKE)

Remember: Anthos = multi-cloud K8s management. GKE = Google's managed Kubernetes. Anthos uses GKE under the hood.

Gotcha: Anthos can also manage on-prem clusters (Anthos on bare metal) and clusters on other clouds (Anthos on AWS).

13. List possible use cases of traffic controls that can be implemented within Anthos Service Mesh

* Traffic splitting across differing service versions for canary or A/B testing
* Circuit breaking to prevent cascading failures
* Fault injection to help build resilient and fault-tolerant deployments
* HTTP header-based traffic steering between individual services or versions

🟡 Medium (14)

1. What is Workload Identity Federation?

Workload Identity Federation extends the capabilities of Workload Identity, enabling workloads to use external identity providers for authentication and authorization. It allows users to integrate their own identity systems with Google Cloud, enabling seamless and secure access to GCP resources based on their existing identity infrastructure.

2. What are flow logs? Where are they enabled?

VPC Flow Logs record a sample of network flows sent from and received by VM instances, including instances used as Google Kubernetes Engine nodes. These logs can be used for network monitoring, forensics, real-time security analysis and expense optimization.

Enable Flow Logs:

1. Open VPC Network in the GCP Console
2. Click the name of the subnet
3. Click the EDIT button
4. Set Flow Logs to On
5. Click Save

3. How does Cloud Run for Anthos simplify operations?

Platform teams in organisations that wish to offer developers additional tools to test, deploy and run applications can use Knative to enhance this experience on Anthos as Cloud Run. Below are some of the benefits:

4. Explain Google Kubernetes Engine (GKE).

GKE is a managed Kubernetes service for deploying, managing and scaling containerized applications using Kubernetes.
Features that set it apart:
* Automated Operations: Manages the Kubernetes infrastructure, including upgrades and node provisioning.

5. What is Binary Authorization?

Binary Authorization is a GCP security feature that enforces deployment policies by validating container images before they are deployed to Kubernetes Engine. It ensures that only trusted and authorized container images are allowed to run in the Kubernetes environment. Binary Authorization uses attestations and signatures to verify that images meet specific criteria, such as being signed by a trusted authority or adhering to certain security and compliance standards, enhancing the security of t

6. Can you deploy Anthos on AWS?

* Yes, Anthos on AWS is now GA. For more, read [here](https://cloud.google.com/anthos/gke/docs/aws)

Remember: Anthos runs on GCP, AWS, Azure, and bare metal. True multi-cloud K8s management.

Gotcha: Anthos on AWS/Azure requires separate billing and additional setup. Pricing is per-vCPU of managed clusters.

7. Which load balancing options are available?

* Network Load Balancing for L4 and HTTP(S) Load Balancing for L7, which are both managed services that do not require additional configuration.
* Ingress for Anthos, which allows deploying a load balancer that serves an application across multiple clusters on GKE.

8. How does Anthos handle the control plane and node components for GKE?

On GCP the Kubernetes api-server is the only control plane component exposed to customers, whilst Compute Engine manages the instances in the project.

Remember: GKE manages the control plane entirely — you never SSH into master nodes. Worker nodes run as Compute Engine VMs in your project.

Gotcha: In GKE Autopilot, even worker nodes are fully managed — you only define workloads.

9. How does Anthos Config Management help?

It follows common modern software development practices, which makes cluster configuration, management and policy changes auditable, revertible and versionable, easily enforcing IT governance and unifying resource management in an organisation.

10. How can workloads deployed on Anthos GKE on-prem clusters securely connect to Google Cloud services?

* Google Cloud Virtual Private Network (Cloud VPN) - this is for secure networking
* Google Cloud Key Management Service (Cloud KMS) - for key management

Remember: Cloud VPN for encrypted tunnels, Cloud KMS for key management, Cloud Interconnect for dedicated high-bandwidth links.

Gotcha: Anthos on-prem still needs connectivity to GCP for management plane operations — it is not fully air-gapped.

11. What is Google Anthos?

Anthos is a platform for managing applications across hybrid and multi-cloud environments. Anthos allows organizations to build and manage modern, cloud-native applications and workloads that run on GCP, on-premises or other cloud platforms. It provides a consistent platform for application development, enabling operations across different environments with centralized management, security and scalability.

12. How does Anthos Service Mesh help?

The tool and technology integration that makes up Anthos Service Mesh delivers significant operational benefits to Anthos environments with minimal additional overhead, as follows:

Remember: Anthos Service Mesh = managed Istio. Benefits: mTLS between services, traffic management, observability without application code changes.

Gotcha: ASM requires a minimum cluster size and adds resource overhead per sidecar proxy.

13. List the technical components that make up Anthos

* Infrastructure management - Google Kubernetes Engine (GKE)
* Cluster management - GKE, Ingress for Anthos
* Service management - Anthos Service Mesh
* Policy enforcement - Anthos Config Management, Anthos Enterprise Data Protection, Policy Controller
* Application deployment - CI/CD tools like Cloud Build, GitLab
* Application development - Cloud Code

14. What is Workload Identity?

Workload Identity in GCP is a feature that allows Google Cloud workloads, such as applications or services running on Google Cloud, to assume identities in a secure and granular manner. It allows these workloads to access other Google Cloud resources based on defined permissions, without the need for service account keys, ensuring a more secure and manageable environment.

🔴 Hard (10)

1. Describe the two main components of Anthos Service Mesh

1. Data plane - it consists of a set of distributed proxies that mediate all inbound and outbound network traffic between individual services, configured using a centralised control plane and an open API.
2. Control plane - it is a fully managed offering outside of Anthos GKE clusters, to simplify management overhead and ensure the highest possible availability.

2. How do you enable logging for GCP resources?

GCP provides Stackdriver Logging, which enables you to store, search, analyze, monitor and alert on log data and events from GCP resources. It is the central logging solution for GCP, allowing you to collect logs from various services such as Compute Engine, Kubernetes Engine, Cloud Storage and more. You can enable logging at the project, folder or organization level, and then configure which logs to collect and analyze using advanced filters and queries.

3. Describe GCP Workload Identity.

Workload Identity allows users to access GCP services from within workloads without requiring service account keys. It allows a higher level of security by associating service accounts with Google-managed service accounts, eliminating the need to manage service account keys explicitly. This feature streamlines the management of service account keys and enhances security by reducing the surface area for potential key exposure.

4. Explain Anthos Config Management

It is a core component of the Anthos stack which provides platform, service and security operators with a single, unified approach to multi-cluster management that spans both on-premises and cloud environments. It closely follows K8s best practices, favouring declarative approaches over imperative operations, and actively monitors cluster state and applies the desired state as defined in Git. It includes three key components, as follows:

5. What's the difference between Container Registry and Artifact Registry?

Container Registry: Google Container Registry is a private container image registry. It is specifically designed to store, manage and secure Docker container images, making them available for use in GCP. These images are commonly used with services like Google Kubernetes Engine (GKE) and other container-based solutions.

6. What role does Dataproc have in analytics?

Google Cloud Dataproc is a managed Hadoop and Spark service. It is primarily used for big data processing and analytics. Dataproc simplifies the process of deploying and managing clusters, making it easier to run Spark and Hadoop jobs. It is beneficial for tasks like ETL (Extract, Transform, Load), machine learning, data exploration and batch processing. Dataproc provides a scalable, cost-effective way to process large datasets.

7. Describe Traffic Director in GCP.

Traffic Director is a managed control plane for service mesh. It allows for global traffic management in multi-cluster, multi-region and multi-platform scenarios. Traffic Director enables traffic routing, traffic shaping and resiliency across services within a service mesh by using global load balancing and advanced traffic management policies. It is a critical component for high-performance, scalable and reliable service-to-service communication in distributed architectures.

8. Describe Google Kubernetes Engine (GKE) Autopilot.

Autopilot is a managed environment for GKE that automates operational tasks for managing and scaling the Kubernetes cluster. It includes:
* Automated Cluster Management: Manages resources, scaling, and optimization of clusters.
* Improved Security: Adheres to best practices and provides automatic updates for security patches.
* Simplified Experience: Reduces the complexities of managing and maintaining Kubernetes clusters.

9. Explain Google Cloud Dataproc.

Dataproc is a fast, easy-to-use, fully managed cloud service for running Apache Spark and Hadoop clusters.
* Managed Clusters: Dataproc allows users to create, manage, and scale clusters quickly and easily.
* Cost Efficiency: It provides a flexible and cost-effective solution by charging users only for the resources used.

10. Explain Anthos on GCP.

Anthos is a hybrid and multi-cloud platform enabling workload management across various environments. Key features include:
* Modernization: It allows modernization of existing applications and development of new cloud-native apps.
* Uniform Management: Anthos offers a consistent way to manage different types of infrastructure, whether on-premises or across multiple clouds.
* Security and Compliance: Provides security and compliance across hybrid and multi-cloud environments.