In this lab, you set up configuration information, both encrypted and unencrypted. Encrypted configuration information is stored as secrets. Unencrypted configuration information is stored as ConfigMaps. This approach avoids hard coding such information into code bases. Credentials (like API keys) that belong in secrets should never travel inside code repositories like GitHub (unless they are encrypted before going in, but even then it is better to keep them separate).

In this lab, you learn how to perform the following tasks:

  • Create secrets by using the kubectl command and manifest files

PersistentVolumes are storage that is available to a Kubernetes cluster. PersistentVolumeClaims enable Pods to access PersistentVolumes.

Without PersistentVolumeClaims, Pods are mostly ephemeral, so you should use PersistentVolumeClaims for any data that you expect to survive Pod scaling, updating, or migrating.

In this lab, you learn how to perform the following tasks:

  • Create manifests for PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) for Google Cloud persistent disks (dynamically created or existing)

In this lab, you will create a private cluster, and add an authorized network for API access to it.

In this lab, you learn how to perform the following tasks:

  • Create and test a private cluster

Task 1. Create a private cluster

In this task, you create a private cluster, consider the options for how private to make it, and then compare your private cluster to your original cluster.

In a private cluster, the nodes have internal RFC 1918 IP addresses only, which ensures that their workloads are isolated from the public Internet. …

In this lab, you define and run Jobs and CronJobs.

In GKE, a Job is a controller object that represents a finite task. Jobs manage a task as it runs to completion, rather than managing an ongoing desired state such as maintaining the total number of running Pods.

CronJobs perform finite, time-related tasks that run once or repeatedly at a time that you specify, using Job objects to complete their tasks.

In this lab, you learn how to perform the following tasks:

  • Define, deploy and clean up a GKE Job


  1. In…

In this lab, you will upgrade a GKE cluster using the Google Cloud Console.

Task 1. Deploy a GKE cluster

In this task, you use Google Cloud Console to deploy a GKE cluster running a Kubernetes version that is not the most recent release. You will upgrade this cluster to a more recent release in a later task.

  1. In the Google Cloud Console, on the Navigation menu, click Kubernetes Engine > Clusters.

In this lab, you learn how to use Cloud Monitoring to gain insight into applications that run on Google Cloud.

In this lab, you learn how to perform the following tasks:

  • Explore Cloud Monitoring

Task 1: Create a Cloud Monitoring workspace

Verify resources to monitor

Three VM instances have been created for you that you will monitor.

  1. In the Cloud Console, on the Navigation menu, click Compute Engine > VM instances. Notice the nginxstack-1, nginxstack-2 and nginxstack-3 instances.

In this lab, you implement Private Google Access and Cloud NAT for a VM instance that doesn’t have an external IP address. Then, you verify access to public IP addresses of Google APIs and services and other connections to the internet.

VM instances without external IP addresses are isolated from external networks. Using Cloud NAT, these instances can access the internet for updates and patches, and in some cases, for bootstrapping. As a managed service, Cloud NAT provides high availability without user management and intervention.

In this lab, you learn how to perform the following tasks:

  • Configure a VM instance…

In this lab, you create one VM in the Premium network service tier (default) and one VM in the Standard network service tier. Then you compare the latency and network paths for each VM instance.

With Network Service Tiers, Google Cloud enables you to optimize your cloud network for performance by choosing the Premium Tier, or for cost with the new Standard Tier.

Premium Tier

Premium Tier delivers traffic over Google’s well-provisioned, low-latency, highly reliable global network. This network consists of an extensive global private fiber network with over 100 points of presence (POPs) across the globe.

The Cloud Routers will implement VPN gateways configured with Border Gateway Protocol (BGP). BGP provides dynamic network discovery and eliminates the need to configure or maintain static routes. When configuration is complete, you can ping the internal IP of the VM in a newly discovered subnetwork via an auto-populated route.

In this lab, you learn how to perform the following tasks:

  • Create two networks to represent your VPC and on-premises network, with a VM in each network to test connectivity

Task 1. Create the networks


VPC network peering allows you to build SaaS (Software as a service) ecosystems in Google Cloud, which makes services available privately across different VPC networks within and across organizations. This allows workloads to communicate in private RFC 1918 space.

Rajeev Ghosh

Artificial Intelligence | Machine Learning | DevOps enthusiast
