Challenge
Our team was tasked with delivering the project in the form of a Proof of Concept.
Google Anthos is currently in the early beta development stage. Some of the verified solutions are at the moment available only for clusters based on the Google Cloud Platform or Anthos clusters based on AWS or VMware cloud solutions.
If obtaining a comprehensive solution with Google Anthos turned out to be impossible, the team would deliver integration with third-party tools offering such specific solutions. An example of that is Datadog for monitoring and alerting about irregularities.
To understand the methodology of a given function better, our team reverse engineered the process and implemented it in the test environment.
Solution
We presented the result of our work as a working test environment managed by the Google Anthos platform in a way that met the client’s requirements.
Our team also prepared additional project documentation in a descriptive form, summarizing the extent to which solutions offered by Google Anthos addressed each of these requirements.
The scope of the project consisted of using Google Anthos to manage:
Clusters using Kubernetes distributions developed by Google:
- Google Cloud Platform clusters
- Anthos clusters on AWS
- Anthos clusters on VMware on-premise
Native Kubernetes distributions offered by external cloud vendors:
- Elastic Kubernetes Service (AWS)
- Azure Kubernetes Service (Microsoft Azure)
- Container Service for Kubernetes (Alibaba Cloud)
Moreover, the project’s scope also included the verification of Google Anthos’s compliance with regulatory requirements such as CIS, NIST, and SOX.
Our team also checked the possibilities of using the platform for centralized configuration of the following aspects:
- network (including IP and DNS address management, Firewall, Load Balancer),
- security (including RBAC access, scanning images and Docker containers, applying the Open Policy Agent policies, Kubernetes Secrets, SSL certificates),
- monitoring (including the status of clusters and applications, incoming and outgoing traffic, warning of irregularities),
- installation of business applications with the use of CI/CD tools.
Our team prepared the test environment infrastructure with the use of Terraform, supporting the concept of Infrastructure as Code (IaC). After the clusters were successfully registered on Google Anthos, the installation of business applications was carried out in an automated manner using Anthos Config Management.
The launched applications created in the microservices architecture were embedded in clusters using the “service mesh” infrastructure supported by the platform with a dedicated Anthos Service Mesh component based on the Istio solution. The integration of clusters and applications with third-party tools was carried out at the level of Kubernetes using the concept of “node agent” and “sidecar”.
Technologies we used
- Docker
- Kubernetes
- Google Anthos + Anthos components: Anthos Service Mesh and Anthos Config Management
- Service Mesh with Istio
- GCP, AWS, Azure, Alibaba Cloud with native Kubernetes Services (GKE, EKS, AKS, ACK), and Anthos clusters on AWS and VMware on-prem
- Terraform
- Datadog
- Jenkins
Solution in numbers
- Integration of Google Anthos with 5 cloud services (Google, AWS, Azure, Alibaba, and VMware on-prem)
- Management of 5 Kubernetes clusters from the level of Anthos
- Launch of 3 demo applications