UPDATED 22:09 EDT / JULY 12 2017

Google ships out new container engine with a focus on security

Google Inc. Wednesday revamped its service for running Kubernetes-based containers in the cloud, with a focus on better security.

The latest edition of Google Container Engine, known as GKE, brings the service up to date with the new Kubernetes 1.7 release that was announced two weeks ago.

The Kubernetes project has effectively become the industry’s standard tool for private and public cloud container orchestration. With so many enterprises looking to adopt Kubernetes and GKE, one of the major concerns of the project is security, and that’s what Google is emphasizing in this latest release.

In a blog post, Aparna Sinha, group product manager, Container Engine, noted that enterprises need to adhere to some pretty strict security requirements, and she claimed that GKE is the most secure version of Kubernetes available. That’s because Google itself controls the operating system used to run the nodes in a container deployment. Google’s container OS is based on its Chromium OS software, but it’s a minimalist system that offers only a small attack surface. It’s also managed and patched proactively by Google, Sinha said.

GKE’s security has been significantly enhanced in this release with the addition of a new Node Authorizer, which authorizes application programming interface requests made by kubelets, the primary node agents that run on each node. Google also announced “HTTP re-encryption,” which ensures data is fully encrypted in transit, not only on its way to Google’s data centers but also after it hits the company’s network.

The release also includes the new Kubernetes NetworkPolicy API, which allows users to control which pods can communicate with each other, providing defense in depth and improving secure multi-tenancy.

“Container Engine is one of the first commercial Kubernetes offerings running the latest 1.7 release, and includes differentiated features for enterprise security, extensibility, hybrid networking and developer efficiency,” Sinha explained.

Google has also done a lot of work on the extensibility side so users can extend Kubernetes with third-party applications. One new feature, available in beta, is API Aggregation, which extends the Kubernetes API with customer APIs.

There’s also an improved Custom Resource Definition API, which provides a lightweight way to store structured metadata in Kubernetes. Meanwhile, the introduction of Dynamic Admission Control allows users to incorporate custom business logic into their GKE clusters.

One last new feature that’s worth a mention is support for machines running Nvidia Corp.’s K80 graphics processing units, aimed at those looking to run machine learning workloads inside their containers. This feature is currently available in alpha.

The full list of updates can be seen in Google’s blog post.
