At Google, we like to think of container security in three pillars: secure to develop (infrastructure security protecting identities, secrets and networks); secure to build and deploy (vulnerability-free images, verification of what you deploy); and secure to run (isolating workloads, scaling, and identifying malicious containers in production). These pillars cover the entire lifecycle of a container, and help ensure end-to-end security. We’ve been hard at work to make it easier for you to ensure security as you develop, build, deploy, and run containers, with new products and features in Google Kubernetes Engine and across Google Cloud. Here’s what we recently announced at Next ’19, and…

Authors: Mikko Ylinen (Intel)

Abstract

A Kubernetes Ingress is a way to connect cluster services to the world outside the cluster. In order to correctly route the traffic to service backends, the cluster needs an Ingress controller. The Ingress controller is responsible for setting the right destinations to backends based on the Ingress API objects’ information. The actual traffic is routed through a proxy server that is responsible for tasks such as load balancing and SSL/TLS termination (from here on, “SSL” refers to both SSL and TLS). SSL termination is a CPU-heavy operation due to the crypto operations involved. To offload some of the…

Editor’s note: Today we’re hearing from Couchbase, a database partner that’s built a NoSQL, open source-centric database that can run on Kubernetes. Read on for more about their architecture and how developers use their technology. Building and running modern web, mobile, and IoT applications has created a new set of technology requirements. Relational databases don’t work for these new requirements, because these apps need better agility, scalability, and performance than is possible when a database is tied to a single physical/VM instance. So we’ve seen many enterprises turning to NoSQL database technology, since it’s designed to manage unstructured and semi-structured data like web content, multimedia…

Editor’s note: This is one of the many posts on unique differentiated capabilities in Google Kubernetes Engine (GKE). Find the first post here for details on GKE Advanced. Whether you run it on-premises or in the cloud, Kubernetes has emerged as the de facto tool for scheduling and orchestrating containers. But while Kubernetes excels at managing individual containers, you still need to manage both your workloads and the underlying infrastructure to make sure Kubernetes has sufficient resources to operate (but not too many resources). To do that, Kubernetes includes two mature autoscaling features: Horizontal Pod Autoscaler for scaling workloads running in pods, and Cluster Autoscaler…

Editor’s note: This is the first of many posts on unique differentiated capabilities in Google Kubernetes Engine. Stay tuned in the coming weeks as we discuss GKE’s more advanced features. Kubernetes has come a long way since Google open-sourced it in 2014. Since then, the community has developed a robust suite of installation, management, and configuration tooling for a variety of use cases. But many organizations are overwhelmed by having to run Kubernetes on their own, and instead adopt Google Kubernetes Engine (GKE), our managed service. Their concern isn’t the underlying infrastructure; they just want a strong foundation that lets them focus on their business. Today,…

A few days ago, the Kubernetes community announced Kubernetes 1.14, the most recent version of Kubernetes. Alongside it, Minikube, a part of the Kubernetes project, recently hit the 1.0 milestone, which supports Kubernetes 1.14 by default. Kubernetes is a real winner (and a de facto standard) in the world of distributed Cloud Native computing. While it can handle up to 5000 nodes in a single cluster, local deployment on a single machine (e.g. a laptop, a developer workstation, etc.) is an increasingly common scenario for using Kubernetes. A few weeks ago I ran a poll on Twitter asking the community to specify their preferred…