

Google LLC’s latest update to its public cloud aims to make the platform a more attractive destination for running software container projects.
The update, released today, introduces three new networking controls for the platform’s Google Kubernetes Engine service. The service is a hosted implementation of the Kubernetes framework, which was released into open source by the search giant in 2014 and has since become the go-to tool for managing containers.
Companies using the service can now set up their deployments in a so-called virtual private cloud. A VPC is a logically isolated part of Google’s public cloud that’s not exposed to the public web, which reduces the risk of cyberattacks and can help with regulatory compliance. Rivals such as Amazon Web Services Inc. offer their own versions of this option.
The ability to run Kubernetes Engine in an isolated space within Google’s cloud should appeal to enterprise customers. Companies are harnessing containers for more and more workloads, including the kind of mission-critical applications typically kept inside VPCs, because the technology provides a lightweight, portable way to deploy software. Containerized services can be moved between different environments with relative ease compared to traditional workloads.
The two other features that Google added alongside the VPC capability allow companies to further customize network access to their Kubernetes clusters. The first, dubbed Shared VPC, makes it possible to link a deployment with the other isolated environments that a company runs on Google’s cloud so that disparate services may communicate with one another.
This setup can also help simplify management operations. It lets a company’s information technology group centrally control key components such as firewalls, while relegating the day-to-day management of individual VPCs to so-called service project admins. Such an arrangement can come in handy if, for example, different business divisions each maintain their own separate Kubernetes Engine deployments.
Lastly, Google has added a feature called master authorized networks to simplify remote maintenance. Administrators can now make the master Kubernetes server that controls a deployment accessible from preapproved public IP addresses that don’t belong to the corporate network, while still blocking off the broader web.