You're reading from Google Cloud for DevOps Engineers A practical guide to SRE and achieving Google's Professional Cloud DevOps Engineer certification

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781839218019

Length 482 pages

Edition 1st Edition

Tools

Kubernetes

Concepts

DevOps

Author (1):

Sandeep Madamanchi

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Site Reliability Engineering – A Prescriptive Way to Implement DevOps

2. Chapter 1: DevOps, SRE, and Google Cloud Services for CI/CD FREE CHAPTER

3. Chapter 2: SRE Technical Practices – Deep Dive

4. Chapter 3: Understanding Monitoring and Alerting to Target Reliability

5. Chapter 4: Building SRE Teams and Applying Cultural Practices

6. Section 2: Google Cloud Services to Implement DevOps via CI/CD

7. Chapter 5: Managing Source Code Using Cloud Source Repositories

8. Chapter 6: Building Code Using Cloud Build, and Pushing to Container Registry

9. Chapter 7: Understanding Kubernetes Essentials to Deploy Containerized Applications

10. Chapter 8: Understanding GKE Essentials to Deploy Containerized Applications

11. Chapter 9: Securing the Cluster Using GKE Security Constructs

12. Chapter 10: Exploring GCP Cloud Operations

13. Mock Exam 1

Answers

14. Mock Exam 2

15. Other Books You May Enjoy

Appendix: Getting Ready for Professional Cloud DevOps Engineer Certification

Hardening cluster security in GKE

Securing the Kubernetes cluster should be your topmost priority when it comes to securing applications running inside your cluster. GKE supports many such features to harden the cluster. For example, the GKE control plane is patched and upgraded automatically as part of the shared responsibility model. In addition, node auto-upgrades are also enabled for a newly created GKE cluster.

The following are some key additional GKE features that can be used to secure and harden clusters. Some of these features are enabled by default while you're creating a GKE cluster:

GKE supports a cluster type called Private Cluster, which provides options to restrict access to control planes and nodes. This needs to be specified at the time of cluster creation.
GKE supports container-optimized OS images. It is a container-optimized OS that has been custom-built, optimized, and hardened specifically for running containers.
GKE supports shielded GKE...