Editor’s note: This post is part of our blog post series on container security at Google. Security in the cloud is a shared responsibility between the cloud provider and the customer. Google Cloud is committed to doing its part to protect the underlying infrastructure (for example, encryption at rest by default) and to provide capabilities you can use to protect your workloads (for example, access controls in Cloud Identity and Access Management (IAM)). As newer infrastructure models emerge, though, it’s not always easy to figure out what you’re responsible for versus what’s the responsibility of the provider. In this blog post, we aim to clarify for Google Read More →

In North America, approximately 95% of adults over the age of 25 have a bank account. In the developing world, that number is only about 52%. Cryptocurrencies can provide a platform for millions of unbanked people in the world to achieve financial freedom on a more level financial playing field. Electroneum, a cryptocurrency company located in England, built its cryptocurrency mobile back end on AWS and is using the power of blockchain to unlock the global digital economy for millions of people in the developing world. Electroneum’s cryptocurrency mobile app allows Electroneum customers in developing countries to transfer ETN (Electroneum’s own cryptocurrency token) and pay for goods Read More →

Authors: The 1.14 Release Team We’re pleased to announce the delivery of Kubernetes 1.14, our first release of 2019! Kubernetes 1.14 consists of 31 enhancements: 10 moving to stable, 12 in beta, and 7 net new. The main themes of this release are extensibility and supporting more workloads on Kubernetes, with three major features moving to general availability and an important security feature moving to beta. More enhancements graduated to stable in this release than in any prior Kubernetes release. This represents an important milestone for users and operators in terms of setting support expectations. In addition, there are notable Pod and RBAC enhancements in this Read More →

Author: Patrick Ohly (Intel) More and more components that used to be part of Kubernetes are now being developed outside of Kubernetes. For example, storage drivers used to be compiled into Kubernetes binaries, then were moved into stand-alone Flexvolume binaries on the host, and now are delivered as Container Storage Interface (CSI) drivers that get deployed in pods inside the Kubernetes cluster itself. This poses a challenge for developers who work on such components: how can end-to-end (E2E) testing on a Kubernetes cluster be done for such external components? The E2E framework that is used for testing Kubernetes itself has all the necessary functionality. However, Read More →

Author: Malte Isberner (StackRox) Kubernetes has greatly improved the speed and manageability of backend clusters in production today. Kubernetes has emerged as the de facto standard in container orchestrators thanks to its flexibility, scalability, and ease of use. Kubernetes also provides a range of features that secure production workloads. A more recent addition to its security features is a set of plugins called “admission controllers,” which intercept requests to the API server after authentication and authorization and can reject or mutate them before the object is persisted. Admission controllers must be enabled to use some of the more advanced security features of Kubernetes, such as pod security policies: cluster-scoped objects that, once bound to the service accounts of a namespace through RBAC, enforce a security configuration baseline on every pod created there. The following must-know tips and tricks will help you leverage Read More →
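The enabling step the excerpt refers to, as an added example that is not part of the StackRox post: the admission plugin is switched on at the API server, the policy itself is a cluster-scoped object, and a pod is admitted only if the user or service account creating it is allowed to “use” some policy via RBAC. The namespace name `payments`, the policy name `restricted-baseline` and the exact place where the API server flag is set are assumptions for illustration.

```yaml
# Added example, not code from the StackRox post. Assumed names: namespace
# "payments", policy "restricted-baseline". How the kube-apiserver flag is
# applied depends on how the control plane is run (static pod manifest,
# kubeadm config, managed service).
#
# 1. Enable the plugin on the API server:
#    --enable-admission-plugins=NodeRestriction,PodSecurityPolicy
#
# 2. A restrictive, cluster-scoped baseline policy.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-baseline
spec:
  privileged: false                 # no --privileged containers
  allowPrivilegeEscalation: false   # no setuid binaries gaining caps
  requiredDropCapabilities:
    - ALL
  hostNetwork: false                # no sharing of node namespaces
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot          # UID 0 is rejected at admission time
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  volumes:                          # hostPath is deliberately absent
    - configMap
    - emptyDir
    - projected
    - secret
    - downwardAPI
    - persistentVolumeClaim
---
# 3. RBAC: the "use" verb on this one policy ...
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp:restricted-baseline
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-baseline"]
    verbs: ["use"]
---
# ... granted to every service account in the "payments" namespace, which is
# what Deployments, Jobs and other controllers create pods as.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp:restricted-baseline
  namespace: payments
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:restricted-baseline
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:payments
```

Two caveats a practitioner will want. First, order matters: with the `PodSecurityPolicy` plugin enabled and no policy usable by a given creator, every pod in the cluster is rejected, so create the policies and bindings first and check them with `kubectl auth can-i use podsecuritypolicy/restricted-baseline --as=system:serviceaccount:payments:default -n payments` before flipping the flag. Second, PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25; on newer clusters the same baseline is applied with the built-in Pod Security Admission controller via `pod-security.kubernetes.io/enforce` namespace labels, and the RBAC “use” step above no longer exists.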

Objective This blog post describes the steps required to set up a multi-node Kubernetes cluster for development purposes. This setup provides a production-like cluster that can be set up on your local machine. Why do we require a multi-node cluster setup? Multi-node Kubernetes clusters offer a production-like environment, which has various advantages. Even though Minikube provides an excellent platform for getting started, it doesn’t provide the opportunity to work with multi-node clusters, which can help solve problems or bugs that are related to application design and architecture. For instance, Ops can reproduce an issue in a multi-node cluster environment, Testers can deploy multiple Read More →

Kubernetes is now the de facto standard for container orchestration. With more and more organizations adopting Kubernetes, it is essential that we get our fundamental ops infrastructure in place before any migration. In my previous post we learnt about monitoring our workloads. This post will focus on pushing out new releases of the application to our Kubernetes cluster, i.e. Continuous Delivery. Pre-requisites: a running Kubernetes cluster (GKE is used for the purpose of this blog); a Spinnaker set-up with Jenkins CI enabled; GitHub webhooks enabled for Jenkins jobs. Strategy overview: GitHub + Jenkins: CI system to build the Docker image and push it to the registry. Docker Hub: registry to store Docker images. Spinnaker: Read More →

Editor’s note: On February 20, we hosted the fourth annual Container Security Summit at Google’s campus in Seattle. This event aims to help security professionals increase the security of their container deployments and apply the latest in container security research. Here’s what we learned. Container security is a hot topic, but it can be intimidating. Container developers and operators don’t usually spend their days studying security exploits and threat analysis; likewise, container architectures and components can feel foreign to the security team. Dev, ops, and security teams all want their workloads to be more secure (and make those pesky containers actually “contain”!); the challenge is Read More →

In this blog on Kubernetes Networking, you will understand the following topics: What is Kubernetes? Networking in Kubernetes Wealth Wizard Use-Case Hands-On What Is Kubernetes? You can define Kubernetes as an open-source container orchestration tool that provides a portable platform for automating the deployment of containerized applications. Now, anybody working with Kubernetes must have a clear understanding of the Kubernetes cluster, as that will help you in understanding Kubernetes networking. Kubernetes Cluster The Kubernetes platform offers desired-state management: you feed it a declarative configuration, and the cluster continuously reconciles the running services toward that configuration. Let me explain with an example. Consider a YAML file which has all the configuration information Read More →

Authors: Ben Swartzlander (NetApp), Saad Ali (Google) Kubernetes v1.13 moves raw block volume support to beta. This feature allows persistent volumes to be exposed inside containers as a block device instead of as a mounted file system. What are block devices? Block devices enable random access to data in fixed-size blocks. Hard drives, SSDs, and CD-ROM drives are all examples of block devices. Typically, persistent storage is implemented in a layered manner, with a file system (like ext4) on top of a block device (like a spinning disk or SSD). Applications then read and write files instead of operating on blocks. The operating system takes Read More →
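What “exposed as a block device instead of a mounted file system” looks like in manifests, as an added example that is not part of the Kubernetes blog post: the PersistentVolume and the PersistentVolumeClaim both carry `volumeMode: Block`, and the pod attaches the claim through `volumeDevices` rather than `volumeMounts`. The node name `worker-1`, the node disk `/dev/sdb`, the in-container path `/dev/xvda` and the use of the `local` volume plugin are assumptions; the example assumes a v1.13 or later cluster (the `BlockVolume` feature gate is on by default from 1.13) and a volume plugin that supports block mode.

```yaml
# Added example, not code from the Kubernetes blog post. Assumed: node
# "worker-1" with an unformatted disk /dev/sdb, the local volume plugin, and
# a cluster where the BlockVolume feature gate is enabled (default in v1.13+).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: raw-disk-1
spec:
  capacity:
    storage: 100Gi
  volumeMode: Block                  # hand out the device itself, not a file system
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-block
  local:
    path: /dev/sdb                   # whole disk on the node; nothing is formatted
  nodeAffinity:                      # required for local volumes
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values: ["worker-1"]
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: raw-disk-claim
spec:
  volumeMode: Block                  # must match the PV, or the claim stays Pending
  accessModes:
    - ReadWriteOnce
  storageClassName: local-block
  resources:
    requests:
      storage: 100Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: block-consumer
spec:
  containers:
    - name: db
      image: busybox
      # The device node shows up at devicePath; a database or other application
      # that manages its own on-disk layout would open it directly.
      command: ["sh", "-c", "ls -l /dev/xvda && sleep 3600"]
      volumeDevices:                 # volumeDevices, not volumeMounts, for Block mode
        - name: data
          devicePath: /dev/xvda
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: raw-disk-claim
```

The security-relevant consequence of skipping the file system layer is that there are no file permissions, ownership or mount options between the container and the bytes on disk: whoever can bind this claim owns every sector of the device, including whatever a previous consumer left there. Treat the claim as a grant of the whole disk, keep it `ReadWriteOnce`, control who can create pods in its namespace, and with `Retain` as the reclaim policy wipe the device yourself before reusing the PersistentVolume.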