Agenda

  1. Host project
    1. As Org Admin, create a Host project
    2. As Org Admin, create a Config Controller instance
    3. As Org Admin, set up Host project’s Git repo
    4. As Org Admin, enforce policies for tenant projects
  2. Tenant project
    1. As Org Admin, set up the Tenant project
    2. As Org Admin, set up the Tenant project’s Git repo
    3. As Org Admin, enforce policies for Google Cloud resources
  3. Networking
    1. As Org Admin, allow Networking for Tenant project
    2. As Platform Admin, set up Network in Tenant project
  4. GKE cluster
    1. As Org Admin, allow GKE for Tenant project
    2. As Org Admin, enforce policies for GKE cluster resources
    3. As Platform Admin, create GKE cluster in Tenant project
    4. As Org Admin, allow Fleet for Tenant project
    5. As Platform Admin, set up GKE configs’ Git repo in Tenant project
    6. As Platform Admin, set up Config Sync monitoring
    7. As Platform Admin, set up NetworkPolicy logging in GKE cluster
    8. As Platform Admin, enforce policies for NetworkPolicies
  5. Artifact Registry
    1. As Org Admin, allow Artifact Registry for Tenant project
    2. As Platform Admin, create Artifact Registry in Tenant project and allow GKE cluster to pull containers
    3. As Platform Admin, enforce policies for Artifact Registry (allowed container registries)
  6. Service Mesh
    1. As Org Admin, allow ASM for Tenant project
    2. As Platform Admin, install Managed ASM in GKE cluster
    3. As Platform Admin, set up ASM configs in GKE cluster
    4. As Platform Admin, enforce policies for ASM
  7. Ingress Gateway
    1. As Platform Admin, create the Public static IP address for the Ingress Gateway
    2. As Org Admin, allow Cloud Armor for Tenant project
    3. As Platform Admin, set up Cloud Armor in Tenant project
    4. As Platform Admin, deploy the Ingress Gateway linked to Cloud Armor in GKE cluster
    5. As Platform Admin, deploy NetworkPolicies for the Ingress Gateway namespace in GKE cluster
    6. As Platform Admin, deploy AuthorizationPolicies for the Ingress Gateway namespace in GKE cluster
  8. Whereami app
    1. As Platform Admin, set up DNS for the Whereami app
    2. As Platform Admin, set up the Whereami app’s Git repo in GKE cluster
    3. As Apps Operator, copy Whereami container to private Artifact Registry
    4. As Apps Operator, deploy the Whereami app
    5. As Apps Operator, deploy Sidecars for the Whereami namespace in GKE cluster
    6. As Apps Operator, deploy NetworkPolicies for the Whereami namespace in GKE cluster
    7. As Apps Operator, deploy AuthorizationPolicies for the Whereami namespace in GKE cluster
  9. Online Boutique apps
    1. As Platform Admin, set up DNS for the Online Boutique app
    2. As Platform Admin, set up the Online Boutique apps’ Git repo in GKE cluster
    3. As Apps Operator, copy Online Boutique containers to private Artifact Registry
    4. As Apps Operator, deploy the Online Boutique apps
    5. As Apps Operator, deploy Sidecars for the Online Boutique namespace in GKE cluster
    6. As Apps Operator, deploy NetworkPolicies for the Online Boutique namespace in GKE cluster
    7. As Apps Operator, deploy AuthorizationPolicies for the Online Boutique namespace in GKE cluster
    8. As Org Admin, allow Memorystore (redis) for Tenant project
    9. As Org Admin, enforce policies for Memorystore (redis) resources
    10. As Platform Admin, create Memorystore (redis) instances with and without TLS in Tenant project
    11. As Apps Operator, configure Online Boutique apps to use Memorystore (redis) instance
    12. As Apps Operator, secure Online Boutique apps to access Memorystore (redis) instance via TLS
  10. Monitoring & Audit
    1. As Platform Admin, verify ASM versions
    2. As Apps Operator, monitor apps security
    3. As Apps Operator, monitor apps health
    4. As Apps Operator, trace apps
    5. As Apps Operator, monitor Cloud Armor (WAF) rules