Google is claiming the first commercial implementation of the latest Kubernetes release as part of its Google Container Engine (GKE) platform.
The move is unsurprising as Google was one of the lead developers on the latest Kubernetes 1.7 update and was the initial innovator behind the container management platform.
The latest Kubernetes release was unveiled late last month, keeping with the platform’s three-month update schedule. The update includes additional security, storage, and extensibility features designed to target growing enterprise use of the open source technology.
Google said it took advantage of the updates to focus on security enhancements to GKE, which is the abstraction layer orchestrating container management for the Google Cloud Platform (GCP). The GKE update also includes plans to extend support for hybrid workloads with networking capabilities unique to Google Cloud.
Aparna Sinha, group product manager for Kubernetes and GKE, said the company is aggressive in pushing the latest updates to its managed platform.
“We get those Linux kernel patches updated very quickly,” Sinha said. “And there are many.”
With Kubernetes’ rapid update cycle, Sinha noted it was important to push the latest updates as quickly as possible in order to improve security and reduce operational issues.
“Container and orchestration is updating at a frantic pace,” Sinha said. “There is significant functionality added in each release and our users want to tap into those functions as fast and easily as possible. Most people have not figured out how to do these updates without causing some downtime, and that’s where it’s important to work with a provider that can handle these issues.”
Security and Extensibility
The latest GKE security updates include restricting application programming interface (API) access to only the resources required to run an operation; user control over which sets of containers can communicate with each other; and control over encryption for content transported between the cloud infrastructure and the Google Cloud Load Balancing (GCLB) service.
Google explained that the features improve workload isolation within clusters, the compute resources that run containerized applications. The new features can also be combined with existing GKE controls to bolster multitenancy support.
Networking support for hybrid cloud and virtual private networks (VPNs) includes the ability to create clusters and access resources across private IP addresses, and it extends the ability to use GKE clusters with existing networks. A new internal load balancing beta also allows Kubernetes and non-Kubernetes services to access one another on a private network.
Brian Grant, principal engineer at Google, explained that the extensibility updates allow users to adopt Kubernetes without needing to modify their current deployments. This capability goes back to Sinha’s comment on most enterprises not being able to keep pace with Kubernetes development, and thus needing to be able to update systems without impacting ongoing operations.
Updates to the managed platform are currently available to hosted customers.
Highlighting the growth in cloud usage and demand, Google said it added new GKE clusters in Australia, Southeast Asia, the U.S. West Coast, and Western Europe. The clusters join six already supporting services.