Google's container engine receives security centric update

Google has announced the latest update to its Google Container Engine, the service that lets Kubernetes-based software containers run in its cloud. Following its regular trend, the update brings the engine up to date with the latest updates from the Kubernetes project, but with a major focus on security. The update aims to meet the strict security requirements of enterprises at a time of increasing digital threat.

The Google Kubernetes engine (GKE) is now at version 1.7 is becoming a rather apparent choice for enterprises running container based applications in both private and public clouds. The GKE is very comparable to Microsoft’s Azure Stack, its service that allow its users to bring their workloads to their private clouds and enable hybrid cloud deployments. The GKE is Google’s way of helping enterprises run hybrid deployments.

“Container Engine is designed with enterprise security in mind. By default, Container Engine clusters run a minimal, Google curated Container-Optimized OS (COS) to help minimize OS vulnerabilities. On top of that, a team of Google Site Reliability Engineers continuously monitor and manage the Container Engine clusters, so you don’t have to. Now, Container Engine adds several new security enhancements,” said Aparna Sinha, Group Product Manager of Google Container Engine.

The emphasis on security in this update is hard to miss. With enterprises all over the world adopting GKE, the needs have varied and the security requirements have skyrocketed. According to the GKE team, its service is one of the most secure offering of Kubernetes on the market because of the OS it runs on. Based on the Chromium OS, the OS is controlled by the team on all of the various nodes that make up a container deployment and is  is a very minimal system that offers very little in terms of an attack surface and that’s managed and proactively patched by Google itself.

It also has new security features developed by Kubernetes, like the new API that enforces rules about how different pods can talk to each other and new features in its data centers. From the looks of it both Google and the Kubernetes community is taking security very seriously. The new version is available on Container Engine, Google Cloud Platform’s (GCP) managed container service along with an additional support for GPU-based machines that run Nvidia’s K80 GPUs.