Explore Anthos

The Anthos Sample Deployment on Google Cloud (Preview) is a Google Cloud Marketplace solution that you can preview now. It deploys a real Anthos hands-on environment with a GKE cluster, service mesh, and an application with multiple microservices. This tutorial introduces you to these features, letting you learn about Anthos deployed on Google Cloud with a fictional online retailer. You can then explore Anthos features that interest you by following their Anthos story further in our follow-up tutorials.

If you want to learn more about Anthos and its components first, see our technical overview. However, you don't need to be familiar with Anthos to follow this tutorial. You should be familiar with basic Kubernetes concepts such as clusters; if you're not, see Kubernetes basics, the Google Kubernetes Engine (GKE) documentation, and Preparing an application for Anthos Service Mesh.

When you're ready for a real production installation, see our Setup section.

When you complete this tutorial, please complete our survey.

Your journey

You are the platform lead at the Online Boutique, an online retailer of trendy lifestyle products. Online Boutique started as a small business running an e- commerce website on two servers almost ten years ago. Since then, it has grown into a successful national enterprise with thousands of employees and a growing engineering organization. Online Boutique now wants to expand globally.

Throughout this period, you and your team have found yourself spending more time and money on maintaining infrastructure than on creating new business value. You have decades of cumulative experience invested in your existing stack; however, you know it's not the right technology to meet the scale of global deployment that your company needs as it expands.

Your team adopted Kubernetes a year ago, and since then has been running an on-premises cluster with a modest number of services. Your deployments still involve a number of manual stages, however, and this process has unfortunately resulted in occasional outages due to differences between developer and production environments.

Your development team wants the confidence to be able to deploy more frequently without worrying that their changes may cause problems elsewhere in the application.

You've adopted Anthos to modernize your application and migrate successfully to the cloud to achieve your expansion goals.

Objectives

In this tutorial, you're introduced to some of the key features of Anthos through the following tasks:

  • Deploy your Anthos environment with clusters, applications, and Anthos components: Anthos Service Mesh and Anthos Config Management.

  • Use the Google Cloud Console to explore the Anthos GKE resources used by your application.

  • Use Anthos Service Mesh to observe application services.

Costs

The Anthos Sample Deployment on Google Cloud is not intended for production use. Anthos for non-production use, including exploring the Anthos Sample Deployment on Google Cloud, is free for up to 100 vCPUs until August 31, 2020.

On September 1, 2020 (or thirty days after first enabling the Anthos API, whichever comes later), you will be converted to pay-as-you-go and be charged the fees for Anthos on Google Cloud listed at Google Cloud Platform SKUs unless you have an Anthos subscription.

You are responsible for other Google Cloud costs incurred while running the Anthos Sample Deployment, such as charges for Compute Engine VMs and load balancers. You can see an estimated monthly cost for all these resources on the deployment's Google Cloud Marketplace page. We recommend cleaning up after finishing the tutorial or exploring the deployment to avoid incurring further charges.

Before you begin

The Anthos Sample Deployment on Google Cloud requires that you use a new project with no existing resources.

The following additional project requirements apply:

  • You must have enough quota in the target deployment project and zone for at least 7 vCPUs, 24.6 GB of memory, 310-GB of disk space, one VPC, two firewall rules, and one Cloud NAT.
  • Your organization does not have a policy that explicitly restricts the use of click-to-deploy images.

Before you start the tutorial:

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Cloud Console, on the project selector page, select or create a Cloud project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Google Cloud project. Learn how to confirm billing is enabled for your project.

  4. Ensure Service Management API is enabled.

    Enable Service Management API

Then do the following to ensure that your project meets the requirements for running the Anthos Sample Deployment:

  1. In your new project, launch Cloud Shell by clicking Activate Cloud Shell Activate Shell Button in the top toolbar.

    Cloud Shell is an interactive shell environment for Google Cloud that lets you manage your projects and resources from your web browser. You will use Cloud Shell again later in this tutorial to update your application's configuration.

  2. Configure Cloud Shell with the target deployment zone, replacing ZONE in the following command:

    gcloud config set compute/zone ZONE
    
  3. Enter the following command to run a script that checks that your project meets the necessary requirements:

    curl -sL https://github.com/GoogleCloudPlatform/anthos-sample-deployment/releases/latest/download/asd-prereq-checker.sh | sh -
    

    Output (example):

    Your active configuration is: [cloudshell-4100]
    Checking project my-project-id, region us-central1, zone us-central1-c
    
    PASS: User has permission to create service account with the required IAM policies.
    PASS: Org Policy will allow this deployment.
    PASS: Service Management API is enabled.
    PASS: Anthos Sample Deployment does not already exist.
    PASS: Project ID is valid, does not contain colon.
    PASS: Project has sufficient quota to support this deployment.
    

If anything doesn't PASS, see our troubleshooting guide. If you don't fix these errors, you might not be able to deploy the sample.

What's deployed?

The Anthos Sample Deployment on Google Cloud provisions your project with the following:

  • One GKE cluster running on Google Cloud: anthos-sample-cluster1.

  • Anthos Service Mesh installed on the cluster. You will use Anthos Service Mesh to manage the service mesh on anthos-sample-cluster1.

  • Online Boutique application running on the cluster. This is a web-based e-commerce app that uses a number of microservices written in various programming languages, including Java, Go, Python, and JavaScript.

  • A single Compute Engine instance (virtual machine) that performs a number of automated tasks to jump-start the tutorial environment after the cluster is created: asd-jump-server.

  • A VPC with a subnetwork within the target deployment region for the GKE cluster and Compute Engine instance. A Cloud NAT gateway on a Cloud Router, and firewall rules for connectivity to and between the deployment's components.

Launch the Anthos Sample Deployment on Google Cloud

Launch the Anthos Sample Deployment on Google Cloud through the Cloud Marketplace:

  1. Open the Anthos Sample Deployment on Google Cloud.

    Go to the Anthos Sample Deployment on Google Cloud

  2. Select and confirm the Google Cloud project to use. This should be the project that you created in the Before you begin section.

  3. Click LAUNCH. It can take several minutes to progress to the deployment configuration screen while the solution enables a few APIs.

  4. (Optional) In the deployment configuration screen, specify your chosen deployment name, zone, and Service Account. However, for your first deployment, we recommend that you accept all of the provided default values, including creating a new Service Account.

  5. Click Deploy. Deploying the trial can take up to 15 minutes, so don't be concerned if you have to wait for a while.

While the deployment is progressing, the Cloud Console transitions to the Deployment Manager view. After the sample is deployed, you can review the full deployment. You should see a list of all enabled resources, including one GKE cluster (anthos-sample-cluster1) and one Compute Engine instance (asd-jump-server).

If you encounter any deployment errors, see our troubleshooting guide.

Using the Anthos Dashboard

Anthos provides an out-of-the-box structured view of all your applications' resources, including clusters, services, and workloads, giving you an at-a-glance view of your resources at a high level, while letting you drill down when necessary to find the low-level information that you need. To see your deployment's top-level dashboard, go to your project's Anthos Dashboard in the Google Cloud Console.

Go to the Anthos Dashboard

You should see:

  • A Service mesh section that tells you that you have 11 services (but that they need action to see their health). You'll find out more about what this means later in the tutorial.

  • A Cluster status section that tells you that you have one healthy GKE cluster.

Screenshot of Anthos Dashboard

Explore Anthos GKE resources

The Anthos Clusters page shows you all the clusters in your project registered to Anthos, including clusters outside Google Cloud. You can also use the Google Kubernetes Engine Clusters page to see all the clusters in your project. In fact, the Anthos Clusters page lets you drill down to the GKE pages if you need to see more cluster and node details.

In this section, you'll take a closer look at the Online Boutique's GKE resources.

Cluster management

  1. In the Google Cloud Console, go to the Anthos Clusters page.

    Go to the Clusters page

  2. Click the anthos-sample-cluster1 cluster to view its basic details in the right pane, including its Type, Master version, and Location. You can also see which Anthos features are enabled in this cluster in the Cluster features section.

  3. For more detailed information about this cluster, click More details in GKE. This brings you to the cluster's page in the Google Kubernetes Engine console, with all the current settings for the cluster.

  4. In the Google Kubernetes Engine console, click the Nodes tab to view all the worker machines in your cluster. From here, you can drill down even further to see the workload Pods running on each node, as well as a resource summary of the node (CPU, memory, storage).

You can find out more about GKE clusters and nodes in the GKE documentation.

Cluster workloads

The Google Kubernetes Engine console has a Workloads view that shows an aggregated view of the workloads (Pods) running on all your GKE clusters.

Workloads from the GKE cluster and namespaces are shown. For example, workloads in the onlineboutique namespace are running in anthos-sample-cluster1.

Services & Ingress

Finally the Services & Ingress view shows the project's Service and Ingress resources. A Service exposes a set of pods as a network service with an endpoint, while an Ingress manages external access to the services in a cluster. However, rather than a regular Kubernetes Ingress, the Online Boutique uses an ingress gateway service for traffic to the shop, which Anthos Service Mesh meshes can use to add more complex traffic routing to their inbound traffic. You can see this in action when you use the service mesh observability features later in this tutorial.

  1. In the Google Kubernetes Engine console, go to the Services & Ingress page.

    Go to the Services & Ingress page

  2. To find the Online Boutique ingress gateways, scroll down the list of available services to find the service with the name istio-ingressgateway.

  3. Select the ingress gateway service for anthos-sample-cluster1 in the list to open its Service details view, which shows more information about the service including all of its external endpoints. An ingress gateway manages inbound traffic for your application service mesh, so in this case we can use its details to visit the Online Boutique's web frontend.

  4. In the Service details view for istio-ingressgateway, click the external endpoint using port 80. You should be able to explore the Online Boutique web interface.

Observing services

Anthos's service management and observability is provided by Anthos Service Mesh, a suite of tools powered by Istio that helps you monitor and manage a reliable service mesh. To find out more about Anthos Service Mesh and how it helps you manage microservices, see the Anthos Service Mesh documentation. If you're not familiar with using microservices with containers and what they can do for you, see Preparing an application for Anthos Service Mesh.

In our example, the cluster in the sample deployment has the microservice-based Online Boutique sample application running on it. The application also includes a loadgenerator utility that simulates a small amount of load to the cluster so that you can see metrics and traffic in the dashboard.

In this section, you'll use the Anthos Service Mesh page to look at this application's services and traffic.

Observe the Services table view

  1. Go to the Anthos Service Mesh page.

    Go to the Anthos Service Mesh page

  2. The page displays the table view by default, which shows a list of all your project's microservices. To filter to only the Online Boutique services, select onlineboutique from the Namespace drop-down at the top of the page.

Each row in the table is one of the services that makes up the Online Boutique application; for example, the frontend service renders the application's web user interface, and the cartservice service tracks a user's cart of items for purchase.

Each service listing shows up-to-date metrics, such as Error rate and key latencies, for that service. These metrics are collected out-of-the-box for services deployed on Anthos. You do not need to write any application code to see these statistics.

You can drill down from this view to see even more details about each service. For example, to learn more about the shippingservice service:

  1. Click shippingservice in the services list. The service details page shows all the telemetry available for this service.

  2. On the shippingservice page, on the Navigation menu, select Connected Services. Here you can see both the Inbound and Outbound connections for the service. An unlocked lock icon indicates that some traffic has been observed on this port that is not encrypted using mutual TLS (mTLS). You can find out more about how this works in the Secure Anthos tutorial.

Screenshot of Anthos Service Mesh Connected Services view

Observe the Services topology view

The table view isn't the only way to observe your services in Anthos. The topology view lets you focus on how the services interact.

  1. If you haven't done so already, return to the table view from the service details view by clicking the back arrow at the top of the page.

  2. At the top-right of the page, click Topology to switch from the table view to the workload/service graph visualization. As you can see from the legend, the graph shows both the application's Anthos Service Mesh services and the GKE workloads that implement them.

    Screenshot of Anthos Service Mesh topology view

Now you can explore the topology graph. Anthos Service Mesh automatically observes which services are communicating with each other to show service-to-service connections details:

  • Hold your mouse pointer over an item to see additional details, including outbound QPS from each service.

  • Drag nodes with your mouse to improve your view of particular parts of the graph.

  • Click service nodes for more service information.

  • Click Expand when you hold the pointer over a workload node to drill down for even more details, including the number of instances of this workload that are currently running.

Exploring the deployment further

While this tutorial has shown you many Anthos features, there's still lots more to see and do in Anthos with our deployment. Visit one of our follow-up tutorials to try some hands-on tasks with Anthos, or continue to explore the Anthos Sample Deployment on Google Cloud yourself, before following the cleanup instructions in the next section.

Try more tutorials:

Cleaning up

After you've finished exploring the Anthos Sample Deployment, you can clean up the resources that you created on Google Cloud so they don't take up quota and you aren't billed for them in the future. The following sections describe how to delete or turn off these resources.

  • Option 1. You can delete the project. This is the recommended approach. However, if you want to keep the project around, you can use Option 2 to delete the deployment.

  • Option 2. (Experimental) If you're working within an existing but empty project, you may prefer to manually revert all the steps from this tutorial, starting with deleting the deployment.

  • Option 3. (Experimental) If you're an expert on Google Cloud or have existing resources in your cluster, you may prefer to manually clean up the resources that you created in this tutorial.

Delete the project (option 1)

  1. In the Cloud Console, go to the Manage resources page.

    Go to the Manage resources page

  2. In the project list, select the project that you want to delete and then click Delete .
  3. In the dialog, type the project ID and then click Shut down to delete the project.

Delete the deployment (option 2)

This approach relies on allowing Deployment Manager to undo what it created. Even if the deployment had errors, you can use this approach to undo it.

  1. In the Cloud Console, on the Navigation menu, click Deployment Manager.

  2. Select your deployment, and then click Delete.

  3. Confirm by clicking Delete again.

  4. Even if the deployment had errors, you can still select and delete it.

  5. If clicking Delete doesn't work, as a last resort you can try Delete but preserve resources. If Deployment Manager is unable to delete any resources, you need to note these resources and attempt to delete them manually later.

  6. Wait for Deployment Manager to finish the deletion.

  7. (Temporary step) On the Navigation menu, click Network services > Load balancing, and then delete the forwarding rules created by the anthos-sample-cluster1 cluster.

  8. (Optional) Go to https://source.cloud.google.com/<project_id>. Delete the repository whose name includes config-repo if there is one.

  9. (Optional) Delete the Service Account that you created during the deployment and all of its IAM roles.

Perform a manual cleanup (option 3)

This approach relies on manually deleting the resources from the Google Cloud Console.

  1. In the Cloud Console, on the Navigation menu, click Kubernetes Engine.

  2. Select your cluster and click Delete, and then click Delete again to confirm.

  3. In the Cloud Console, on the Navigation menu, click Compute Engine.

  4. Select the jump server and click Delete, and then click Delete again to confirm.

  5. Follow Steps 7 and 8 of Option 2.

If you plan to redeploy after the manual cleanup, verify that all requirements are met as described in the Before you begin section.

What's next

Take our survey

When you finish working on this tutorial, please complete our survey. We're interested in hearing about any issues you might have at any point in the tutorial. Thanks for using the survey to submit your feedback.

Thank you!

The Anthos Team