The Anthos Sample Deployment on Google Cloud (Preview) is a Google Cloud Marketplace solution that you can preview now. It deploys a real Anthos hands-on environment with a GKE cluster, service mesh, and an application with multiple microservices. This tutorial introduces you to these features, letting you learn about Anthos deployed on Google Cloud with a fictional bank. You can then explore Anthos features that interest you by following the bank's Anthos story further in our follow-up tutorials.
If you want to learn more about Anthos and its components first, see our technical overview. However, you don't need to be familiar with Anthos to follow this tutorial. You should be familiar with basic Kubernetes concepts such as clusters; if you're not, see Kubernetes basics, the Google Kubernetes Engine (GKE) documentation, and Preparing an application for Anthos Service Mesh.
When you're ready for a real production installation, see our Setup section.
When you complete this tutorial, please complete our survey.
You are the platform lead at the Bank of Anthos. Bank of Anthos started as a small business for payment processing on two servers almost ten years ago. Since then, it has grown into a successful commercial bank with thousands of employees and a growing engineering organization. Bank of Anthos now wants to expand its business further.
Throughout this period, you and your team have found yourself spending more time and money on maintaining infrastructure than on creating new business value. You have decades of cumulative experience invested in your existing stack; however, you know it's not the right technology to meet the scale of global deployment that the bank needs as it expands.
You've adopted Anthos to modernize your application and migrate successfully to the cloud to achieve your expansion goals.
In this tutorial, you're introduced to some of the key features of Anthos through the following tasks:
Deploy your Anthos environment with clusters, applications, and Anthos components: Anthos Service Mesh and Anthos Config Management.
Use the Google Cloud Console to explore the Anthos clusters resources used by your application.
Use Anthos Service Mesh to observe application services.
Using the Anthos Sample Deployment will incur pay-as-you-go charges for Anthos on Google Cloud as listed on our Pricing page unless you have an Anthos subscription.
You are also responsible for other Google Cloud costs incurred while running the Anthos Sample Deployment, such as charges for Compute Engine VMs and load balancers. You can see an estimated monthly cost for all these resources on the deployment's Google Cloud Marketplace page.
We recommend cleaning up after finishing the tutorial or exploring the deployment to avoid incurring further charges. The Anthos Sample Deployment is not intended for production use and its components cannot be upgraded.
Before you begin
The Anthos Sample Deployment on Google Cloud requires that you use a new project with no existing resources.
The following additional project requirements apply:
- You must have enough quota in the target deployment project and zone for at least 7 vCPUs, 24.6 GB of memory, 310-GB of disk space, one VPC, two firewall rules, and one Cloud NAT.
- Your organization does not have a policy that explicitly restricts the use of click-to-deploy images.
Before you start the tutorial:
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.
Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
- Enable the Compute Engine and Service Management APIs.
Then do the following to ensure that your project meets the requirements for running the Anthos Sample Deployment:
In your new project, launch Cloud Shell by clicking Activate Cloud Shell in the top toolbar.
Cloud Shell is an interactive shell environment for Google Cloud that lets you manage your projects and resources from your web browser.
Configure Cloud Shell with the target deployment zone, replacing ZONE in the following command:
gcloud config set compute/zone ZONE
Enter the following command to run a script that checks that your project meets the necessary requirements:
curl -sL https://github.com/GoogleCloudPlatform/anthos-sample-deployment/releases/latest/download/asd-prereq-checker.sh | sh -
Your active configuration is: [cloudshell-4100] Checking project my-project-id, region us-central1, zone us-central1-c PASS: User has permission to create service account with the required IAM policies. PASS: Org Policy will allow this deployment. PASS: Service Management API is enabled. PASS: Anthos Sample Deployment does not already exist. PASS: Project ID is valid, does not contain colon. PASS: Project has sufficient quota to support this deployment.
If anything doesn't
PASS, see our troubleshooting guide. If you don't fix these errors, you might not be able to deploy the sample.
The Anthos Sample Deployment on Google Cloud provisions your project with the following:
One GKE cluster running on Google Cloud:
Anthos Service Mesh installed on the cluster. You will use Anthos Service Mesh to manage the service mesh on
A single Compute Engine instance (virtual machine) that performs a number of automated tasks to jump-start the tutorial environment after the cluster is created:
A VPC with a subnetwork within the target deployment region for the GKE cluster and Compute Engine instance. A Cloud NAT gateway on a Cloud Router, and firewall rules for connectivity to and between the deployment's components.
Launch the Anthos Sample Deployment on Google Cloud
Launch the Anthos Sample Deployment on Google Cloud through the Cloud Marketplace:
Open the Anthos Sample Deployment on Google Cloud.
Select and confirm the Google Cloud project to use. This should be the project that you created in the Before you begin section.
Click LAUNCH. It can take several minutes to progress to the deployment configuration screen while the solution enables a few APIs.
Select the Confirm that all prerequisites have been met checkbox to confirm that you have successfully run the prerequisites script.
(Optional) In the deployment configuration screen, specify your chosen deployment name, zone, and Service Account. However, for your first deployment, we recommend that you accept all of the provided default values, including creating a new Service Account.
Click Deploy. Deploying the trial can take up to 15 minutes, so don't be concerned if you have to wait for a while.
While the deployment is progressing, the Cloud Console transitions to
the Deployment Manager view. After the sample is deployed, you can review
the full deployment. You should see a list of all enabled resources, including
one GKE cluster (
anthos-sample-cluster1) and one Compute Engine instance (
If you encounter any deployment errors, see our troubleshooting guide.
Using the Anthos Dashboard
Anthos provides an out-of-the-box structured view of all your applications' resources, including clusters, services, and workloads, giving you an at-a-glance view of your resources at a high level, while letting you drill down when necessary to find the low-level information that you need. To see your deployment's top-level dashboard, go to your project's Anthos Dashboard in the Google Cloud Console.
You should see:
A Service mesh section that tells you that you have 9 services (but that they need action to see their health). You'll find out more about what this means later in the tutorial.
A Cluster status section that tells you that you have one healthy GKE cluster.
Explore Anthos clusters resources
The Anthos Clusters page shows you all the clusters in your project registered to Anthos, including clusters outside Google Cloud. You can also use the Google Kubernetes Engine Clusters page to see all the clusters in your project. In fact, the Anthos Clusters page lets you drill down to the GKE pages if you need to see more cluster and node details.
In this section, you'll take a closer look at Bank of Anthos' GKE resources.
In the Google Cloud Console, go to the Anthos Clusters page.
Click the anthos-sample-cluster1 cluster to view its basic details in the right pane, including its Type, Master version, and Location. You can also see which Anthos features are enabled in this cluster in the Cluster features section.
For more detailed information about this cluster, click More details in GKE. This brings you to the cluster's page in the Google Kubernetes Engine console, with all the current settings for the cluster.
In the Google Kubernetes Engine console, click the Nodes tab to view all the worker machines in your cluster. From here, you can drill down even further to see the workload Pods running on each node, as well as a resource summary of the node (CPU, memory, storage).
You can find out more about GKE clusters and nodes in the GKE documentation.
The Google Kubernetes Engine console has a Workloads view that shows an aggregated view of the workloads (Pods) running on all your GKE clusters.
In the Google Kubernetes Engine console, go to the GKE Workloads page.
Workloads from the GKE cluster and namespaces are shown. For example,
workloads in the
boa namespace are running in
Services & Ingress
The Services & Ingress view shows the project's Service and Ingress resources. A Service exposes a set of pods as a network service with an endpoint, while an Ingress manages external access to the services in a cluster. However, rather than a regular Kubernetes Ingress, Bank of Anthos uses an Istio ingress gateway service for traffic to the bank, which Anthos Service Mesh meshes can use to add more complex traffic routing to their inbound traffic. You can see this in action when you use the service mesh observability features later in this tutorial.
In the Google Kubernetes Engine console, go to the Services & Ingress page.
To find the Bank of Anthos ingress gateway, scroll down the list of available services to find the service with the name
Click the down arrow at the end of the row for
istio-ingressgatewayto show more information about the service, including all of its external endpoints. An ingress gateway manages inbound traffic for your application service mesh, so in this case we can use its details to visit the bank's web frontend.
istio-ingressgatewayexternal endpoint using port
80. You should be able to explore the Bank of Anthos web interface.
Anthos's service management and observability is provided by Anthos Service Mesh, a suite of tools powered by Istio that helps you monitor and manage a reliable service mesh. To find out more about Anthos Service Mesh and how it helps you manage microservices, see the Anthos Service Mesh documentation. If you're not familiar with using microservices with containers and what they can do for you, see Preparing an application for Anthos Service Mesh.
In our example, the cluster in the sample deployment has the microservice-based Bank of Anthos sample application running on it. The application also includes a loadgenerator utility that simulates a small amount of load to the cluster so that you can see metrics and traffic in the dashboard.
In this section, you'll use the Anthos Service Mesh page to look at this application's services and traffic.
Observe the Services table view
Go to the Anthos Service Mesh page.
The page displays the table view by default, which shows a list of all your project's microservices, including system services. To filter to only the Bank of Anthos services, select boa from the Namespace drop-down at the top left of the page.
Each row in the table is one of the services that makes up the Bank of Anthos
application; for example, the
frontend service renders the application's web
user interface, and the
userservice service manages user accounts and authentication.
Each service listing shows up-to-date metrics, such as Error rate and key latencies, for that service. These metrics are collected out-of-the-box for services deployed on Anthos. You do not need to write any application code to see these statistics.
You can drill down from this view to see even more details about each service.
For example, to learn more about the
Click transactionhistory in the services list. The service details page shows all the telemetry available for this service.
On the transactionhistory page, on the Navigation menu, select Connected Services. Here you can see both the Inbound and Outbound connections for the service. An unlocked lock icon indicates that some traffic has been observed on this port that is not encrypted using mutual TLS (mTLS). You can find out more about how this works in the Secure Anthos tutorial.
Observe the Services topology view
The table view isn't the only way to observe your services in Anthos. The topology view lets you focus on how the services interact.
If you haven't done so already, return to the table view from the service details view by clicking the back arrow at the top of the page.
At the top-right of the page, click Topology to switch from the table view to the workload/service graph visualization. As you can see from the legend, the graph shows both the application's Anthos Service Mesh services and the GKE workloads that implement them.
Now you can explore the topology graph. Anthos Service Mesh automatically observes which services are communicating with each other to show service-to-service connections details:
Hold your mouse pointer over an item to see additional details, including outbound QPS from each service.
Drag nodes with your mouse to improve your view of particular parts of the graph.
Click service nodes for more service information.
Click Expand when you hold the pointer over a workload node to drill down for even more details, including the number of instances of this workload that are currently running.
Exploring Anthos further
While this tutorial has shown you many Anthos features, there's still lots more to see and do in Anthos with our deployment. Visit one of our follow-up tutorials to try some hands-on tasks with Anthos, or continue to explore the Anthos Sample Deployment on Google Cloud yourself, before following the cleanup instructions in the next section.
After you've finished exploring the Anthos Sample Deployment, you can clean up the resources that you created on Google Cloud so they don't take up quota and you aren't billed for them in the future. The following sections describe how to delete or turn off these resources.
Option 1. You can delete the project. This is the recommended approach. However, if you want to keep the project around, you can use Option 2 to delete the deployment.
Option 2. (Experimental) If you're working within an existing but empty project, you may prefer to manually revert all the steps from this tutorial, starting with deleting the deployment.
Option 3. (Experimental) If you're an expert on Google Cloud or have existing resources in your cluster, you may prefer to manually clean up the resources that you created in this tutorial.
Delete the project (option 1)
- In the Cloud Console, go to the Manage resources page.
- In the project list, select the project that you want to delete, and then click Delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
Delete the deployment (option 2)
This approach relies on allowing Deployment Manager to undo what it created. Even if the deployment had errors, you can use this approach to undo it.
In the Cloud Console, on the Navigation menu, click Deployment Manager.
Select your deployment, and then click Delete.
Confirm by clicking Delete again.
Even if the deployment had errors, you can still select and delete it.
If clicking Delete doesn't work, as a last resort you can try Delete but preserve resources. If Deployment Manager is unable to delete any resources, you need to note these resources and attempt to delete them manually later.
Wait for Deployment Manager to finish the deletion.
(Temporary step) On the Navigation menu, click Network services > Load balancing, and then delete the forwarding rules created by the
(Optional) Go to
https://source.cloud.google.com/<project_id>. Delete the repository whose name includes config-repo if there is one.
(Optional) Delete the Service Account that you created during the deployment and all of its IAM roles.
Perform a manual cleanup (option 3)
This approach relies on manually deleting the resources from the Google Cloud Console.
In the Cloud Console, on the Navigation menu, click Kubernetes Engine.
Select your cluster and click Delete, and then click Delete again to confirm.
In the Cloud Console, on the Navigation menu, click Compute Engine.
Select the jump server and click Delete, and then click Delete again to confirm.
Follow Steps 7 and 8 of Option 2.
If you plan to redeploy after the manual cleanup, verify that all requirements are met as described in the Before you begin section.