Google China Developer Community (GDG)

On a quest: Learn GKE security and monitoring best practices

2019-06-12 | admin | GoogleCloud

Source: On a quest: Learn GKE security and monitoring best practices from Google Cloud

Whether you’re running Kubernetes yourself, using our Google Kubernetes Engine (GKE) managed service, or using Anthos, you need visibility into your environment, and you need to know how to secure it. To help you on your way, there are two new educational resources to teach you application observability and security best practices for using Kubernetes at scale.

Fashioned as a series of self-paced labs, this learning content will guide you through the most common activities associated with monitoring and securing Kubernetes through a series of complementary hands-on exercises that we call quests.

Quest for migration and observability best practices

For migration and observability best practices, enroll in the Cloud Kubernetes Best Practice quest, which includes the following labs:

  • GKE Migrating to Containers demonstrates the central premises of containers: isolation, resource restriction, and portability.

  • Monitoring with Stackdriver on Kubernetes Engine explores how to obtain useful deployment information from code by using Stackdriver’s extensive real-time tooling.

  • Tracing with Stackdriver on Kubernetes Engine explores how to follow application trace events to find potential algorithm improvements.  

  • Logging with Stackdriver on Kubernetes Engine presents common techniques for resource identification and export sinks, including an overview of the powerful resource filter.

  • Connect to Cloud SQL from an Application in Kubernetes Engine helps to bridge the divide between containers and non-containers, leveraging design patterns such as the sidecar or ambassador to connect to external resources via the Kubernetes API.

On a quest for secure Kubernetes applications

Similarly, the Google Kubernetes Engine Security Best Practice quest provides actionable guidance on how to approach Kubernetes security, and includes the following labs:

  • How to Use a Network Policy on GKE discusses the “principle of least privilege” as applied to Kubernetes network policy, illustrating how to achieve granular control over intra-cluster communication.

  • Using Role-based Access Control in Kubernetes Engine shows you how to use RBAC to restrict things such as cluster state changes.

  • Google Kubernetes Engine Security: Binary Authorization highlights a new GKE feature that helps to determine and enforce the provenance of container security.

  • Securing Applications on Kubernetes Engine – Three Examples demonstrates how to use AppArmor to secure an Nginx web server; how to apply policies to unspecified resources using a Kubernetes DaemonSet; and how to update pod metadata associated with a deployment with the Kubernetes API’s ServiceAccount, Role, and RoleMapping features.

  • Kubernetes Engine Communication Through VPC Peering walks through the process to expose services between distinct clusters using VPC Peering.

  • Hardening Default GKE Cluster Configurations explores mitigating security issues that can arise from running a cluster based on default settings.

When working with infrastructure and application environments, sophisticated observability tools like Stackdriver provide a unified method of monitoring, tracing and logging. Likewise, securing an environment represents an ongoing challenge, but Google Cloud Platform offers a number of tools that help to reduce the complexity, and ensure that deployments follow generally accepted best practices.

Ready to begin? Get started with Kubernetes best practice and the GKE Security Best Practice quests. On completion of the quest, you’ll be presented with a Qwiklabs digital badge that you can share on social media.


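Unless otherwise noted, the content of this article is licensed under the Creative Commons Attribution 3.0 License, and code samples are licensed under the Apache 2.0 License. For more details, see our Terms of Service.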

Tags: Cloud
