Google’s Container Engine is updated with a focus on security


Google has announced the latest updates to Google Container Engine, its service for running Kubernetes-based software containers in its cloud. As with previous releases, this update brings the Container Engine, or GKE, as Google calls it (where the ‘K’ stands for Kubernetes), in line with the latest release of the Kubernetes project.

[Kubernetes is an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing container-centric infrastructure.]

Now at version 1.7, the Kubernetes project is quickly establishing itself as the de facto standard for orchestrating software containers in both private and public clouds. Indeed, it’s probably not unfair to say that if Azure Stack is Microsoft’s way to allow its users to bring their workloads to their private clouds and enable hybrid cloud deployments, then Kubernetes, which was originally conceived at Google, is Google’s way of helping enterprises run hybrid deployments.

With this update, Google is putting a lot of emphasis on security. As more and more companies adopt GKE, their needs have changed; enterprises in particular tend to have strict security requirements. The GKE team argues that its service is the most secure Kubernetes offering on the market. The reason, Google argues, is that it controls the operating system that runs on every node in a container deployment. That operating system is based on Chromium OS (which also forms the basis of Chrome OS). The version that runs in the cloud is a very minimal system that exposes very little attack surface and is managed and proactively patched by Google itself.

With this update, Google is benefiting both from new security features in Kubernetes itself (such as a new API for enforcing rules about which pods can talk to each other) and from new features in its data centers. Google now, for example, re-encrypts data as it hits its Google Cloud Load Balancing service, so that a customer’s data isn’t only encrypted on the way to Google’s data centers but also once it is inside Google’s network.
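The pod-to-pod API referred to above is the Kubernetes NetworkPolicy API, which reached v1 in Kubernetes 1.7. The following is an added example, not taken from the article or from Google; the namespace, application and label names are assumptions. It shows the usual defensive pattern: deny all inbound traffic to a namespace by default, then allow only the one flow that is needed.

```yaml
# Constructed example: "payments", "payments-db" and "checkout-api" are assumed names.
# Policy 1: default-deny all ingress to every pod in the "payments" namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: payments
spec:
  podSelector: {}          # empty selector selects every pod in the namespace
  policyTypes:
  - Ingress                # no ingress rules are listed, so all inbound traffic is denied
---
# Policy 2: allow only "checkout-api" pods to reach "payments-db" pods on TCP/5432.
# NetworkPolicies are additive, so this opens exactly one hole in the deny-all above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-checkout-to-db
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: payments-db     # the pods being protected
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: checkout-api  # the only permitted client, selected by label
    ports:
    - protocol: TCP
      port: 5432
```

NetworkPolicy objects are only enforced when the cluster's network plugin implements them; on GKE, network policy enforcement is a cluster option that has to be switched on, otherwise the policies are accepted by the API server but have no effect.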

As the Google team told me, enterprises are also looking for more extensibility and the ability to extend Kubernetes with third-party applications, including service meshes like Istio. Now that API aggregation is available in Kubernetes 1.7, Google, too, is able to offer this feature to its users.

Read the source article at TechCrunch.