Board, where we doodle our way through the Cloud.
Board, where we doodle our way through the Cloud.

Today's topic-- What is Google Kubernetes Engine?
Today's topic-- What is Google Kubernetes Engine?

This video is divided into chapters.
This video is divided into chapters.

Watch the full video or skip ahead
Watch the full video or skip ahead

to any section of your choice.
to any section of your choice.

Now, Sam, the system admin, calls Aaron, the developer.
Now, Sam, the system admin, calls Aaron, the developer.

Her application has crashed.
Her application has crashed.

But it worked just fine on her workstation.
But it worked just fine on her workstation.

They check the logs, debug stuff, and eventually
They check the logs, debug stuff, and eventually

version inconsistencies.
version inconsistencies.

The right dependencies were missing in production--
The right dependencies were missing in production--

no surprise there.
no surprise there.

Together, they perform a risky rollback,
Together, they perform a risky rollback,

will later install the missing dependencies,
will later install the missing dependencies,

and hope nothing else breaks.
and hope nothing else breaks.

Aaron and Sam decide to fix the root problem once
Aaron and Sam decide to fix the root problem once

and for all using containers.
and for all using containers.

Containers decouple the OS from the application dependencies
Containers decouple the OS from the application dependencies

in the code.
in the code.

Due to this abstraction, Sam can log into each machine
Due to this abstraction, Sam can log into each machine

and instruct it to run Aaron's containers.
and instruct it to run Aaron's containers.

It will pull down just the files that
It will pull down just the files that

have changed since the last container and run the new code.
have changed since the last container and run the new code.

If you need to roll back, all the old files
If you need to roll back, all the old files

are still there, as container images are immutable.
are still there, as container images are immutable.

By using containers, Aaron and Sam
By using containers, Aaron and Sam

solved the "it worked on my machine" problem.
solved the "it worked on my machine" problem.

Containers help improve portability, credibility,
Containers help improve portability, credibility,

deployment speed, reusabillity, and more.
deployment speed, reusabillity, and more.

Turns out Sam's responsible for more developers than just
Turns out Sam's responsible for more developers than just

Aaron.
Aaron.

With large number of developers containerizing their apps,
With large number of developers containerizing their apps,

Sam needs a better way to orchestrate all the containers
Sam needs a better way to orchestrate all the containers

that these developers are shipping.
that these developers are shipping.

Solution?
Solution?

Kubernetes.
Kubernetes.

Kubernetes is a portable, extensible open source
Kubernetes is a portable, extensible open source

platform for managing containerized workloads
platform for managing containerized workloads

and services.
and services.

But turns out, Kubernetes is not that
But turns out, Kubernetes is not that

simple to manage, from installation, to provisioning,
simple to manage, from installation, to provisioning,

to upgrades, SLAs, and scaling.
to upgrades, SLAs, and scaling.

So Sam looks into Google Kubernetes Engine.
So Sam looks into Google Kubernetes Engine.

GKE is a managed service for running Kubernetes.
GKE is a managed service for running Kubernetes.

Apart from making it easy for you to create clusters,
Apart from making it easy for you to create clusters,

it offers some advanced cluster management features,
it offers some advanced cluster management features,

including load balancing, auto scaling, auto upgrades,
including load balancing, auto scaling, auto upgrades,

auto repairs, logging, monitoring, and more.
auto repairs, logging, monitoring, and more.

Now, how does GKE work?
Now, how does GKE work?

All Kubernetes objects in your containerized app
All Kubernetes objects in your containerized app

run on top of a cluster, which is the foundation of GKE.
run on top of a cluster, which is the foundation of GKE.

Cluster consists of at least one control plane and one or more
Cluster consists of at least one control plane and one or more

machines called nodes, which are created during the cluster
machines called nodes, which are created during the cluster

creation process.
creation process.

The control plane includes the Kubernetes API server,
The control plane includes the Kubernetes API server,

scheduler, storage, and core resource controllers.
scheduler, storage, and core resource controllers.

The control bay is responsible for deciding what runs
The control bay is responsible for deciding what runs

on all the cluster's nodes.
on all the cluster's nodes.

This can include scheduling workloads, managing networks,
This can include scheduling workloads, managing networks,

storage, lifecycle, scaling, and upgrades.
storage, lifecycle, scaling, and upgrades.

Now, the nodes-- a node runs the services
Now, the nodes-- a node runs the services

necessary to support the containers that make up
necessary to support the containers that make up

your clusters workloads.
your clusters workloads.

These include the container runtime and the Kubernetes node
These include the container runtime and the Kubernetes node

agent, Kublet, which communicates with the control
agent, Kublet, which communicates with the control

plane and is responsible for starting and running containers
plane and is responsible for starting and running containers

as scheduled on that node.
as scheduled on that node.

Pods are the smallest, most basic deployable objects
Pods are the smallest, most basic deployable objects

in Kubernetes, and contain one or more Containers.
in Kubernetes, and contain one or more Containers.

Pods also contain shared networking and storage
Pods also contain shared networking and storage

resources for their containers.
resources for their containers.

Now, how do you GKE?
Now, how do you GKE?

We know that GKE works with containerized apps.
We know that GKE works with containerized apps.

So before you deploy a workload on GKE cluster,
So before you deploy a workload on GKE cluster,

you must first package it into a container.
you must first package it into a container.

To create a continuous integration
To create a continuous integration

and continuous delivery pipeline,
and continuous delivery pipeline,

you can use Cloud Code to write your apps,
you can use Cloud Code to write your apps,

send the code to a source code repository,
send the code to a source code repository,

which kicks off a build process in Cloud Build,
which kicks off a build process in Cloud Build,

leading to container images, which can then
leading to container images, which can then

be stored in Container Registry, ready to be
be stored in Container Registry, ready to be

deployed into [INAUDIBLE].
deployed into [INAUDIBLE].

You can then create the GKE cluster
You can then create the GKE cluster

using Cloud Console UI, G Cloud Command Line
using Cloud Console UI, G Cloud Command Line

interface, or the API.
interface, or the API.

Kubectl CLI comes pre-installed in Cloud Shell
Kubectl CLI comes pre-installed in Cloud Shell

to run commands against your Kubernetes clusters.
to run commands against your Kubernetes clusters.

High availability and scaling--
High availability and scaling--

for availability, you can choose between two types of clusters,
for availability, you can choose between two types of clusters,

zonal and regional.
zonal and regional.

Regional clusters are better suited for HA
Regional clusters are better suited for HA

because they have multiple control planes
because they have multiple control planes

across multiple zones in a region,
across multiple zones in a region,

while zonal clusters have one control plane in a single zone.
while zonal clusters have one control plane in a single zone.

This also means that changes to cluster config
This also means that changes to cluster config

takes longer in a regional cluster
takes longer in a regional cluster

because they must propagate across all control planes.
because they must propagate across all control planes.

Due to these trade-offs, choose regional clusters
Due to these trade-offs, choose regional clusters

when availability is more important than flexibility,
when availability is more important than flexibility,

and use zonal cluster to create or upgrade clusters rapidly
and use zonal cluster to create or upgrade clusters rapidly

when availability is less of a concern.
when availability is less of a concern.

GKE also provides four types of autoscaling for workloads
GKE also provides four types of autoscaling for workloads

and infrastructure-- horizontal pod autoscaler for adding
and infrastructure-- horizontal pod autoscaler for adding

and removing pods based on utilization metrics like CPU
and removing pods based on utilization metrics like CPU

and memory; vertical pod autoscaler
and memory; vertical pod autoscaler

for sizing your pods; cluster autoscaler
for sizing your pods; cluster autoscaler

for adding and removing nodes based
for adding and removing nodes based

on the scheduled workload; node auto-provisioning
on the scheduled workload; node auto-provisioning

for dynamically creating new node
for dynamically creating new node

boards with nodes that match the needs of your users' pods.
boards with nodes that match the needs of your users' pods.

How to secure your app using GKE--
How to secure your app using GKE--

GKE is secure by default, with automatic data encryption
GKE is secure by default, with automatic data encryption

at rest and in transit.
at rest and in transit.

The OS images you deploy are Google certified.
The OS images you deploy are Google certified.

You can access your clusters without public IP
You can access your clusters without public IP

on the internet.
on the internet.

And you can control access using identity and access management
And you can control access using identity and access management

and role-based access controls.
and role-based access controls.

Additionally, with GKE, you get trusted networking.
Additionally, with GKE, you get trusted networking.

Using global VPC, you can connect to
Using global VPC, you can connect to

and isolate clusters.
and isolate clusters.

Using global load balancing, you can deploy public services
Using global load balancing, you can deploy public services

behind a single global Anycast IP.
behind a single global Anycast IP.

Using Cloud Armor, you get easy protection against Layer 7
Using Cloud Armor, you get easy protection against Layer 7

and DDoS attacks.
and DDoS attacks.

And using networking policies, you
And using networking policies, you

can control the communication between your cluster pods.
can control the communication between your cluster pods.

GKE also comes with tools to verify, and enforce,
GKE also comes with tools to verify, and enforce,

and improve the security of your infrastructure.
and improve the security of your infrastructure.

You get binary authorization to ensure
You get binary authorization to ensure

only properly signed containers are deployed to production.
only properly signed containers are deployed to production.

Vulnerability scanning of the container images
Vulnerability scanning of the container images

find security vulnerabilities early on in the CI/CD pipeline.
find security vulnerabilities early on in the CI/CD pipeline.

And since the base images are managed,
And since the base images are managed,

they are automatically patched and updated
they are automatically patched and updated

for security vulnerabilities.
for security vulnerabilities.

With all that said, if you are looking to quickly start with
With all that said, if you are looking to quickly start with

containers, check out GKE at cloud.google.com
containers, check out GKE at cloud.google.com

/kubernetesengine.
/kubernetesengine.