UPDATED 15:49 EDT / NOVEMBER 01 2018


Google reinforces its hosted Kubernetes service with new network security controls

Google LLC’s latest update to its public cloud aims to make the platform a more attractive destination for running software container projects.

The update, released today, introduces three new networking controls for the platform’s Google Kubernetes Engine service. The service is a hosted implementation of the Kubernetes framework, which was released into open source by the search giant in 2014 and has since become the go-to tool for managing containers.

Companies using the service can now set up their deployments in a so-called virtual private cloud. A VPC is a logically isolated part of Google’s public cloud that’s not exposed to the public web, which reduces the risk of cyberattacks and can help with regulatory compliance. Rivals such as Amazon Web Services Inc. offer their own versions of this option.

The ability to run Kubernetes Engine in an isolated space within Google’s cloud should appeal to enterprise customers. Companies are harnessing containers for more and more workloads, including the kind of mission-critical applications typically kept inside VPCs, because the technology provides a lightweight, portable way to deploy software. Containerized services can be moved between different environments with relative ease compared to traditional workloads.

The two other features that Google added alongside the VPC capability allow companies to further customize network access to their Kubernetes clusters. The first, dubbed Shared VPC, makes it possible to link a deployment with the other isolated environments that a company runs on Google’s cloud so that disparate services may communicate with one another.

This setup can also help simplify management operations. It lets a company’s information technology group centrally control key components such as firewalls, while relegating the day-to-day management of individual VPCs to so-called service project admins. Such an arrangement can come in handy if, for example, different business divisions each maintain their own separate Kubernetes Engine deployments.

Lastly, Google has added a feature called master authorized networks to simplify remote maintenance. Administrators can now make the master Kubernetes server that controls a deployment accessible from preapproved public IP addresses that don’t belong to the corporate network, while still blocking off the broader web.

