At Google Cloud, we already encrypt data at rest by default, including data in Google Kubernetes Engine (GKE). However, we understand that you may need additional controls over encryption in GKE, especially for sensitive data that is used or accessed by applications running there. Today, we’re releasing two features to help you protect and control your GKE environment and support regulatory requirements: the general availability of GKE application-layer Secrets encryption, so you can protect your Kubernetes Secrets with envelope encryption; and customer-managed encryption keys (CMEK) for GKE persistent disks in beta, giving you more control over encryption of persistent disks. On Kubernetes Engine, your data…

In this post, I explain how to use the Jenkins open-source automation server to deploy AWS CodeBuild artifacts with AWS CodeDeploy, creating a functioning CI/CD pipeline. When properly implemented, the CI/CD pipeline is triggered by code changes pushed to your GitHub repo, automatically fed into CodeBuild, then the output is deployed on CodeDeploy. Solution overview The functioning pipeline creates a fully managed build service that compiles your source code. It then produces code artifacts that can be used by CodeDeploy to deploy to your production environment automatically. The deployment workflow starts by placing the application code on the GitHub repository. To automate this scenario, I…

When it comes to open source software (OSS) like Kubernetes, some people get nervous not knowing everyone who’s worked on the code in the project. “How can I trust something when anyone can contribute?” “If there’s a vulnerability, who’s paying attention?” In fact, many OSS projects have robust security teams and rigorous vulnerability management processes, just like you’d expect to find in proprietary software. For Kubernetes, a dedicated Product Security Committee oversees the security response process. Learning about this process will give you a better understanding of the project, what to do if you suspect an issue, and your role in vulnerability response as a…

As Kubernetes has surged in popularity, its users are no longer just early adopters. A growing number of enterprises and SaaS providers also rely on large, multi-tenant Kubernetes clusters to run their workloads, benefitting from increased resource utilization and reduced management overhead. In many large and medium-sized enterprises, a centralized infrastructure team is responsible for creating, maintaining, and monitoring Kubernetes clusters for the entire firm, and these teams provision resources for individual teams and applications. Consequently, there is a strong need to have accountability for resource usage of the shared environment. Earlier this year, we announced GKE usage metering, which brings fine-grained visibility to your…

Developers love containers. They’re portable, helping to speed up development. They’re easy to inspect and debug, and they’re elastic, making it easy to scale up and down. But if you’re in a highly-regulated industry like financial services, you have complex and challenging regulatory IT requirements to deal with that can make it hard to adopt new technologies like containers and Kubernetes. In particular, if you handle payment card data, you must secure it using the Payment Card Industry Data Security Standard, or PCI-DSS. This standard was created to reduce the risk of debit and credit card data loss around the world, and is used by…

Introduction The benefits of high availability, scalability, and elasticity that AWS offers have proven to be a boon for Software-as-a-Service (SaaS) providers. AWS has also made it seamless to adopt microservices architectures for modernizing these SaaS applications, as well as providing API-based access for external applications. An API management layer such as Amazon API Gateway is a natural choice for customers to expose APIs externally in a secure and highly scalable manner. However, as they adopt the cloud for their software applications and services, these providers may spin up redundant AWS environments to support them for multiple customers. This is typically driven by some unique…

There are any number of events that cause IT outages and impact business continuity. These could include unexpected infrastructure or application outages caused by flooding, earthquakes, fires, hardware failures, or even malicious attacks. Cloud computing opens a new door to support disaster recovery strategies, with benefits such as elasticity, agility, speed to innovate, and cost savings, all of which aid new disaster recovery solutions. With AWS, organizations can acquire IT resources on-demand, and pay only for the resources they use. Automating disaster recovery (DR) has always been challenging. This blog post shows how you can use automation to allow the orchestration of recovery to eliminate manual…

Google Cloud wants you to be able to use the cloud on your terms, and we provide a range of computing architectures to meet you where you are. In practice, this often means choosing between Compute Engine and Google Kubernetes Engine (GKE). But, which one will best serve your needs? If you’re used to managing virtual machines (VMs) in your on-premises environment or other clouds, and want a similar experience in Google Cloud, then Compute Engine is for you. It offers scale, performance, and value so you can easily launch large compute clusters on Google’s infrastructure. Compute Engine also lets you build predefined VMs or…