With its Kubernetes Engine (GKE), Google Cloud has long offered a managed service for running containers on its platform. Kubernetes users tend to have a variety of needs, but so far, Google only offered a single tier of GKE that wasn’t necessarily geared toward the high-end enterprise users the company is trying to woo. Today, however, the company announced a new advanced edition of GKE that introduces a number of new features and an enhanced financially backed SLA, additional security tools and new automation features. You can think of GKE Advanced as the enterprise version of GKE.
The new service will launch in the second quarter of the year, and Google hasn’t yet announced pricing. The regular version of GKE is now called GKE Standard.
Google says the service builds upon the company’s own learnings from running a complex container infrastructure internally for years.
For enterprise customers, the financially backed SLA is surely a nice bonus. The promise here is 99.95 percent guaranteed availability for regional clusters.
Most users who opt for a managed Kubernetes environment do so because they don’t want to deal with the hassle of managing these clusters themselves. With GKE Standard, there’s still some work to be done with regard to scaling the clusters. Because of this, GKE Advanced includes a Vertical Pod Autoscaler that keeps an eye on resource utilization and adjusts it as necessary, as well as Node Auto Provisioning, an enhanced version of cluster autoscaling in GKE Standard.
In addition to these new GKE Advanced features, Google is adding GKE security features like the GKE Sandbox, which is currently in beta and will come exclusively to GKE Advanced once it’s launched, and the ability to enforce that only signed and verified images are used in the container environment.
The Sandbox uses Google’s gVisor container sandbox runtime. With this, every sandbox gets its own user-space kernel, adding an additional layer of security. With Binary Authorization, GKE Advanced users can also ensure that all container images are signed by a trusted authority before they’re put into production. Somebody could theoretically still smuggle malicious code into the containers, but this process, which enforces standard container release practices, for example, should ensure that only authorized containers can run in the environment.
GKE Advanced also includes support for GKE usage metering, which allows companies to keep tabs on who’s using a GKE cluster and charge them accordingly. This feature, too, will be exclusive to GKE Advanced.