Top 3 reasons why you should run your
Enterprise workloads on GKE
Sreenivas Makam
Partner Engineer @Google Cloud
Agenda
● Why Containers, Docker and Kubernetes
● GKE Value-Add
● GKE differentiators for Enterprises - Security, Observability
and Openness
● Demo
Problem: Deployments and Ops are Hard
“We want to get the best utilization of our infrastructure”
“Keeping our infrastructure perfectly homogenous is giving me nightmares”
“It ran fine on MY machine”
“My developers aren’t as productive as they should be. Deployments are slowing us down”
Bare Metal, VM and Container

  Dedicated server        Virtual machine             Container
  Application Code        Application Code            Application Code
  Dependencies            Dependencies                Dependencies
  Kernel                  Kernel                      Kernel + Container Runtime
  Hardware                Hardware + hypervisor       Hardware

  Deployment ~months      Deployment ~days (mins)     Deployment ~mins (sec)
  Not portable            Hypervisor specific         Portable
  Low utilization         Low isolation, Tied to OS   Very Efficient
Why Containers
● Self contained
● Portability
● Decoupling from machine
● Image immutability
● Faster development
● Faster deployment
[Figure: one Virtual machine (a Linux distribution on Hardware) hosting two Containers, a Payments application shipping ImageMagick 6.4.90 and a Rendering application shipping ImageMagick 7.0.28, each carrying its own dependency version]
But they introduce a new set of challenges
“Where should I run my containers?”
“If we run our containers on VMs, I don’t want to manage anything”
“How do I get my containers to talk to one another?”
“How do we ensure our containers are running smoothly?”
“We don’t want to be locked into one cloud provider”
Why Kubernetes
● Decoupling from infra
● Autoscaling
● Autohealing
● Automated rollout and rollbacks
● Abstractions that are cloud native and microservices friendly
● Extensible
● Open-source
● Integrates well with other Devops tools
[Figure: Kubernetes cluster. A Master node runs the Control Plane and receives kubectl commands; Worker nodes, grouped into a Node pool, each run Docker and the Kubelet. Deployments manage Pods, each Pod holding one or more Containers; Service A and Service B front the Pods and receive service calls.]
Kubernetes Architecture
Kubernetes Control Plane (Master): API Server, etcd, Scheduler, Controller Manager
Kubernetes Nodes: Kubelet, Container Runtime, Kube-Proxy, Container Network
Kubernetes Abstractions
Pod
Deployment
Service
Config &
Secrets
Volume
Stateful set
Jobs
Google Kubernetes Engine (GKE)
GKE with Kubernetes
[Figure: the same cluster layout as before (a Master node running the Control Plane and receiving kubectl commands; Worker nodes in a Node pool, each running a Runtime such as Docker and the Kubelet; Deployments of Pods and Containers; Service A and Service B receiving service calls), with the cluster itself created and managed through gcloud commands.]
GKE Value Add
● Master management including master redundancy, upgrade, replication and
backup
● Worker node lifecycle management
● IAM integration for security and authentication
● Get all benefits of Google compute engine including Networking and Storage
● Integration with other Google cloud services like load balancer, storage, big
data, analytics
● Pod and cluster autoscale
● Integrated logging and monitoring with Stackdriver
● 99.5% SLA
GKE for Enterprises - Top 3 reasons
● Security
● Observability
● Openness
GKE for Enterprises - Security
Container Security pillars
Software supply chain: Is my container image secure to build and deploy?
Infrastructure security: Is my infrastructure secure for developing containers?
Container runtime security: Is my container secure to run?
Application security: Are my applications secure?
Platform security: Is my (cloud provider’s) infrastructure secure?
● IAM, RBAC, Pod access policy
● Shared VPC
● Private cluster
● Network control policy
● Image scanning
● Binary authorization
● Container OS
● Node OS (COS)
● Cloud security command center
● Tie-up - Aquasec, Capsule8, Stackrox, Sysdig, Twistlock
Why GKE security?
1. Google Kubernetes Engine patches you to the latest version, automatically. This keeps you up to date with security patches and with new features.
2. Google Kubernetes Engine provides common best practices with security by default. There will always be app-level hardening and tuning to do.
3. Google Kubernetes Engine provides the best of Google Cloud Platform security features, with integrations with IAM, Audit Logging, VPC, and more.
Kubernetes Engine: Use RBAC and IAM
RBAC is enabled by default for GKE 1.8+ clusters
Use IAM to manage users and permissions at the project level, including API access, service accounts, and quotas.
Use RBAC at the cluster and namespace level to set permissions.
Infra sec
Kubernetes: RBAC Example
RBAC is enabled by default for Kubernetes 1.8+ clusters
e.g., give the ‘blue team’ user ‘cluster admin’ rights in the ‘blue’ namespace
$ cat blue-binding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: blue-dev-binding
  namespace: blue
subjects:
- kind: User
  name: blue-team-dev@kube-pw.iam.gsa.com
roleRef:
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io
Infra sec
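The point of the slide's RoleBinding is scope: it references the ClusterRole admin, but because it is a RoleBinding in namespace blue, the rights apply only there. The following is an added example, not code from the deck or from Kubernetes: a constructed, minimal model of RBAC authorization over the slide's binding. The admin and view rule sets are a small subset of the real built-in ClusterRoles, and the auditor user with its ClusterRoleBinding is made up to contrast cluster-wide scope.

```python
# Constructed model of RBAC authorization (not the Kubernetes authorizer).
# Subset of rules, keyed by ClusterRole name (assumption: enough for the demo).
CLUSTER_ROLES = {
    "admin": [
        {"apiGroups": ["", "apps"],
         "resources": ["pods", "deployments", "secrets"],
         "verbs": ["get", "list", "watch", "create", "update", "delete"]},
    ],
    "view": [
        {"apiGroups": ["", "apps"],
         "resources": ["pods", "deployments"],
         "verbs": ["get", "list", "watch"]},
    ],
}

# The slide's blue-binding.yaml, expressed as a dict instead of YAML.
ROLE_BINDINGS = [
    {"namespace": "blue",
     "subjects": [{"kind": "User", "name": "blue-team-dev@kube-pw.iam.gsa.com"}],
     "roleRef": {"kind": "ClusterRole", "name": "admin"}},
]

# Constructed ClusterRoleBinding, to contrast cluster-wide scope.
CLUSTER_ROLE_BINDINGS = [
    {"subjects": [{"kind": "User", "name": "auditor@example.com"}],
     "roleRef": {"kind": "ClusterRole", "name": "view"}},
]


def _rule_allows(rule, api_group, resource, verb):
    return (api_group in rule["apiGroups"]
            and resource in rule["resources"]
            and verb in rule["verbs"])


def _binds_user(binding, user):
    return any(s["kind"] == "User" and s["name"] == user
               for s in binding["subjects"])


def _role_allows(binding, api_group, resource, verb):
    # Only ClusterRole references are modelled here (the slide's case).
    rules = CLUSTER_ROLES[binding["roleRef"]["name"]]
    return any(_rule_allows(r, api_group, resource, verb) for r in rules)


def is_allowed(user, verb, resource, namespace, api_group=""):
    """True if some binding grants `verb` on `resource` in `namespace`.

    RBAC is additive and has no deny rules, so the decision is an OR over
    every binding whose subject matches the user.
    """
    for b in CLUSTER_ROLE_BINDINGS:          # apply in every namespace
        if _binds_user(b, user) and _role_allows(b, api_group, resource, verb):
            return True
    for b in ROLE_BINDINGS:                  # apply in one namespace only
        if b["namespace"] != namespace:
            continue
        if _binds_user(b, user) and _role_allows(b, api_group, resource, verb):
            return True
    return False


if __name__ == "__main__":
    dev = "blue-team-dev@kube-pw.iam.gsa.com"
    print(is_allowed(dev, "delete", "pods", "blue"))   # admin rights in 'blue'
    print(is_allowed(dev, "delete", "pods", "red"))    # nothing in 'red'
    print(is_allowed("auditor@example.com", "get", "pods", "red"))
```

The same ClusterRole bound through a ClusterRoleBinding would grant the blue team admin rights in every namespace, which is why the slide uses a RoleBinding.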
Kubernetes: PodSecurityPolicy
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false                # Don't allow privileged pods!
  allowPrivilegeEscalation: false  # Don't allow privilege escalation
  runAsUser:                       # Require the container to run without root privileges
    rule: 'MustRunAsNonRoot'
  supplementalGroups:              # Forbid adding to the root group
    rule: 'MustRunAs'
    ranges:
    - min: 1
      max: 65535
  seLinux:                         # Required by the API; not shown on the original slide
    rule: 'RunAsAny'
  fsGroup:                         # Required by the API; not shown on the original slide
    rule: 'MustRunAs'
    ranges:
    - min: 1
      max: 65535
Infra sec
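What the four rules on the slide actually reject is easier to see against concrete pod specs. The following is an added example, not code from the deck and not the Kubernetes admission controller: a constructed checker that applies the restricted policy's privileged, allowPrivilegeEscalation, runAsUser and supplementalGroups rules to pod specs written as dicts. The two pod specs are constructed.

```python
# Constructed checker for the slide's 'restricted' PodSecurityPolicy rules.
RESTRICTED_PSP = {
    "privileged": False,
    "allowPrivilegeEscalation": False,
    "runAsUser": {"rule": "MustRunAsNonRoot"},
    "supplementalGroups": {"rule": "MustRunAs",
                           "ranges": [{"min": 1, "max": 65535}]},
}


def check_pod(pod_spec, psp=RESTRICTED_PSP):
    """Return the list of policy violations; an empty list means admitted."""
    violations = []
    pod_sc = pod_spec.get("securityContext", {})

    for c in pod_spec.get("containers", []):
        name = c["name"]
        sc = c.get("securityContext", {})

        if sc.get("privileged", False) and not psp["privileged"]:
            violations.append(f"{name}: privileged containers are not allowed")

        # An unset allowPrivilegeEscalation defaults to true in Kubernetes, so
        # leaving it unset is a violation under a policy that forbids escalation.
        if sc.get("allowPrivilegeEscalation", True) and not psp["allowPrivilegeEscalation"]:
            violations.append(f"{name}: allowPrivilegeEscalation must be false")

        if psp["runAsUser"]["rule"] == "MustRunAsNonRoot":
            # Container-level settings override pod-level ones.
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            if uid == 0 or non_root is False:
                violations.append(f"{name}: must not run as root (MustRunAsNonRoot)")
            # When both are unset, the real admission controller defaults
            # runAsNonRoot: true and the kubelet refuses to start an image whose
            # USER is root; that runtime check is not modelled here.

    sg = psp["supplementalGroups"]
    if sg["rule"] == "MustRunAs":
        for gid in pod_sc.get("supplementalGroups", []):
            if not any(r["min"] <= gid <= r["max"] for r in sg["ranges"]):
                violations.append(f"supplementalGroups: gid {gid} outside allowed ranges")
    return violations


# Constructed pod specs.
COMPLIANT_POD = {
    "securityContext": {"runAsUser": 1000, "supplementalGroups": [1000]},
    "containers": [{"name": "web", "image": "example/web:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False}}],
}
DEBUG_POD = {
    "securityContext": {"supplementalGroups": [0]},
    "containers": [{"name": "dbg", "image": "example/debug:1.0",
                    "securityContext": {"privileged": True, "runAsUser": 0}}],
}

if __name__ == "__main__":
    print(check_pod(COMPLIANT_POD))   # []
    for v in check_pod(DEBUG_POD):
        print("denied:", v)
```

A policy object alone enforces nothing: the admission plugin must be enabled on the cluster and the pod's service account must be granted use of the policy, otherwise every pod is rejected or, with no policy at all, everything is admitted.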
Network control policy
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: hello-allow-from-product
spec:
  policyTypes:
  - Ingress
  podSelector:
    matchLabels:
      app: reviews
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: productpage
[Figure: the sample application's Product, Reviews, Details and Ratings services, with the policy admitting traffic from Product to Reviews]
Infra sec
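The subtle part of NetworkPolicy is what the slide's policy does to traffic it does not mention: once any policy selects the reviews pods, every ingress source not listed in some policy's from rules is dropped, while pods selected by no policy keep accepting everything. The following is an added example, not code from the deck and not a CNI plugin: a constructed evaluator for those semantics over the slide's policy and four made-up pods of the sample application.

```python
# Constructed NetworkPolicy evaluator (not the CNI plugin's enforcement).
POLICIES = [
    {   # The slide's policy, as a dict instead of YAML (namespace assumed: default)
        "name": "hello-allow-from-product",
        "namespace": "default",
        "policyTypes": ["Ingress"],
        "podSelector": {"matchLabels": {"app": "reviews"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "productpage"}}}]}],
    },
]

# Constructed pods of the sample application on the slide.
PODS = {
    "productpage-1": {"namespace": "default", "labels": {"app": "productpage"}},
    "reviews-1":     {"namespace": "default", "labels": {"app": "reviews"}},
    "ratings-1":     {"namespace": "default", "labels": {"app": "ratings"}},
    "details-1":     {"namespace": "default", "labels": {"app": "details"}},
}


def selects(selector, labels):
    """matchLabels semantics: every key/value in the selector must be present.
    An empty selector ({}) selects every pod."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(src, dst, policies=POLICIES, pods=PODS):
    """Decide whether pod `src` may open a connection to pod `dst`."""
    src_pod, dst_pod = pods[src], pods[dst]
    applicable = [p for p in policies
                  if p["namespace"] == dst_pod["namespace"]
                  and "Ingress" in p.get("policyTypes", ["Ingress"])
                  and selects(p["podSelector"], dst_pod["labels"])]
    if not applicable:
        return True                      # default-allow: no policy selects dst
    for p in applicable:                 # policies are additive, never deny
        for rule in p.get("ingress", []):
            if "from" not in rule:
                return True              # a rule without 'from' allows all sources
            for peer in rule["from"]:
                # A podSelector peer without a namespaceSelector matches only
                # pods in the policy's own namespace.
                if ("podSelector" in peer
                        and src_pod["namespace"] == p["namespace"]
                        and selects(peer["podSelector"], src_pod["labels"])):
                    return True
    return False


def allowed_sources(dst, policies=POLICIES, pods=PODS):
    """All pods that may reach `dst` under the current policies."""
    return sorted(src for src in pods if src != dst
                  and ingress_allowed(src, dst, policies, pods))


if __name__ == "__main__":
    for dst in PODS:
        print(f"{dst} accepts ingress from: {allowed_sources(dst)}")
```

Only reviews-1 is restricted; ratings-1 and details-1 still accept traffic from anyone, which is why a default-deny policy with an empty podSelector is usually applied alongside allow rules like this one.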
Private Clusters
[Figure: a Kubernetes Engine Cluster whose Nodes sit inside a trusted Virtual Private Cloud (VPC), with the Kubernetes Master managed by Google Kubernetes Engine; trusted On-prem Hosts reach the cluster over VPN, while the Internet is shown as untrusted]
Infra sec
Shared VPC
● Sharing of common resources
● More granular billing
● Isolation of data and support for multi-tenant workloads
● Security and separation of roles
Infra sec
Shared VPC
[Figure: an Organization with a Host Project that owns the Shared VPC network (subnet-1, subnet-2), administered by a Network admin; service projects (Apps project, DB project, Infra project), each run by its own team (Apps team, DB team, Infra team) with its own Kubernetes Engine clusters, attach to the shared network and have Private IP connectivity between them]
Infra sec
GKE: Minimal OS
Container-Optimized OS (COS), based on Chromium OS and maintained by Google
● Built from source: Since COS is based on Chromium OS, Google maintains all components and is able to rebuild from source if a new vulnerability is discovered and needs to be patched
● Smaller attack surface: Container-Optimized OS is purpose-built to run containers and has a smaller footprint, reducing your instance's potential attack surface
● Locked-down by default: The firewall restricts all TCP/UDP traffic except SSH on port 22, and loading of kernel modules is prevented. The root file system is mounted read-only
● Automatic Updates: COS instances automatically download weekly updates in the background; only a reboot is necessary to use the latest updates. Google provides patches and maintenance
https://cloud.google.com/container-optimized-os/
Image sec
GCR: Vulnerability Scanning (Alpha)
● Scans all images in your private Google Container Registry for known Common Vulnerabilities and Exposures (CVEs)
● Examines images and packages
● Works for: Debian, Ubuntu and Alpine images
● Images are scanned when:
  ○ An image is added to the registry
  ○ There is an update to the vulnerability database
https://cloud.google.com/container-registry/docs/vulnerability-scanning
Image sec
GCR: Vulnerability Scanning (Alpha)
To use:
● Enable the Container Analysis API
● Enable Vulnerability Scanning
Image sec
Binary authorization (Alpha)
[Figure: at container launch, the Binary Authorization policy checks the image's Attestations, stored in Grafeas, against its Requirements, e.g. "Must be built by myphotos.com", with the Code signed by the Builder and the Analysis tool; Requirements met: YES → launch container; NO → block launch]
Image sec
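The decision drawn on the slide can be stated compactly: the policy names the attestors that must have signed the image, the attestations are looked up by image digest, and launch is blocked unless every required signature verifies. The following is an added example, not Google's implementation and not code from the deck: a constructed model of that admission decision. It assumes an HMAC over the digest in place of the PGP/PKIX signature a real attestor produces, made-up keys, and a simplified policy shape; the image names and digests are constructed.

```python
# Constructed model of a Binary Authorization admission decision.
import hashlib
import hmac

ATTESTOR_KEYS = {                    # constructed; real attestors use key pairs
    "builder": b"constructed-builder-key",
    "analysis-tool": b"constructed-scanner-key",
}

POLICY = {                           # simplified policy shape (assumption)
    "requireAttestationsBy": ["builder", "analysis-tool"],
}

ATTESTATIONS = {}                    # digest -> list of attestation records


def sign(attestor, digest):
    """Stand-in for the attestor's signature over the image digest."""
    return hmac.new(ATTESTOR_KEYS[attestor], digest.encode(), hashlib.sha256).hexdigest()


def verify(attestor, digest, signature):
    return hmac.compare_digest(sign(attestor, digest), signature)


def attest(attestor, digest):
    """Record an attestation for `digest` (e.g. after a build or a scan passes)."""
    ATTESTATIONS.setdefault(digest, []).append(
        {"attestor": attestor, "signature": sign(attestor, digest)})


def admit(image_ref, policy=POLICY):
    """Return (allowed, reason) for an image reference at launch time."""
    # Attestations bind to a content digest; a mutable tag such as ':latest'
    # can be repointed after signing, so only digest references are accepted.
    if "@sha256:" not in image_ref:
        return False, "block launch: image must be referenced by digest, not by tag"
    digest = image_ref.split("@", 1)[1]

    required = set(policy["requireAttestationsBy"])
    verified = set()
    for a in ATTESTATIONS.get(digest, []):
        if a["attestor"] in required and verify(a["attestor"], digest, a["signature"]):
            verified.add(a["attestor"])
    missing = sorted(required - verified)
    if missing:
        return False, f"block launch: missing valid attestations from {missing}"
    return True, "requirements met: launch container"


if __name__ == "__main__":
    digest = "sha256:" + "ab" * 32                  # constructed digest
    attest("builder", digest)
    print(admit(f"gcr.io/example/app@{digest}"))    # blocked: scanner has not signed
    attest("analysis-tool", digest)
    print(admit(f"gcr.io/example/app@{digest}"))    # allowed
    print(admit("gcr.io/example/app:latest"))       # blocked: tag, not digest
```

A forged or copied attestation fails verification because the signature is computed over the digest with the attestor's key, so an attestation for one image cannot be reused for another.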
Container security - Runtime security
Sandboxing: Isolate a workload at the pod level using hypervisor-like technology
Verification with vTPM: Bind information to a node and verify integrity of a workload using TPMs
Runtime detection agent: Monitor, detect, and react to common container attacks
Runtime sec
Runtime security partners in Cloud SCC
Cloud Security Command Center: 5 partner integrations
Runtime sec
GKE for Enterprises - Observability
Stackdriver - Rethinking monitoring with Kubernetes
Microservices: Kubernetes makes it easy to break monolithic applications into independently scalable microservices. More pieces to monitor and operate.
Abstracted Infrastructure: Kubernetes offers a lot of flexibility, with many constructs that support and make building your app easier. Increased observability across your entire Kubernetes environment becomes necessary.
Highly Dynamic Environment: Your environment scales and adapts as needed, changing as it reschedules and restarts components. Keep track of your applications, which may be constantly moving.
Hybrid, multi-cluster Kubernetes monitoring
Multi-cluster monitoring with support for Kubernetes Engine on GCP and Kubernetes on-prem in a single place
Stackdriver logging
● Review, monitor and alert on audit logs centrally
● “jamie@myphotos.com deployed a new frontend version @ time T”
Stackdriver monitoring
● Runtime metrics gathered and exported
● “Photo book creation latency in the last 10 minutes was 1.3s”
[Figure: K8s audit logs and Application logs flow into Stackdriver logging; Prometheus metrics flow into Stackdriver monitoring]
GKE: Monitoring & logging
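The "jamie@myphotos.com deployed a new frontend version" message on the slide is the kind of alert a few rules over the Kubernetes API server's audit log produce. The following is an added example, not code from the deck or from Stackdriver: constructed audit events in the audit.k8s.io/v1 Event shape (usernames, namespaces and timestamps are made up) and three small alert rules run over them as JSON lines.

```python
# Constructed audit events and alert rules (not Stackdriver's rule engine).
import json

SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "requestReceivedTimestamp": "2018-10-01T10:00:00Z", "verb": "update",
     "user": {"username": "jamie@myphotos.com"},
     "objectRef": {"resource": "deployments", "namespace": "prod", "name": "frontend"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "requestReceivedTimestamp": "2018-10-01T10:00:05Z", "verb": "get",
     "user": {"username": "system:serviceaccount:prod:frontend"},
     "objectRef": {"resource": "configmaps", "namespace": "prod", "name": "frontend-cfg"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "requestReceivedTimestamp": "2018-10-01T10:01:00Z", "verb": "list",
     "user": {"username": "jamie@myphotos.com"},
     "objectRef": {"resource": "secrets", "namespace": "prod"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "requestReceivedTimestamp": "2018-10-01T10:02:00Z", "verb": "create",
     "user": {"username": "system:anonymous"},
     "objectRef": {"resource": "pods", "namespace": "prod", "name": "x"},
     "responseStatus": {"code": 403}},
])

WRITE_VERBS = {"create", "update", "patch", "delete"}

# (rule name, predicate over one audit event)
RULES = [
    ("deployment-change",
     lambda e: e["objectRef"].get("resource") == "deployments" and e["verb"] in WRITE_VERBS),
    ("secret-access",
     lambda e: e["objectRef"].get("resource") == "secrets"),
    ("forbidden-request",
     lambda e: e.get("responseStatus", {}).get("code") == 403),
]


def describe(e):
    """One-line summary in the style of the slide's message."""
    ref = e["objectRef"]
    target = f"{ref.get('namespace', '-')}/{ref.get('resource')}/{ref.get('name', '*')}"
    return f"{e['user']['username']} {e['verb']} {target} @ {e['requestReceivedTimestamp']}"


def evaluate(audit_log_text, rules=RULES):
    """Run every rule over each JSON-lines event; return (rule, summary) alerts."""
    alerts = []
    for line in audit_log_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        if e.get("stage") != "ResponseComplete":   # one alert per request, not per stage
            continue
        for name, pred in rules:
            if pred(e):
                alerts.append((name, describe(e)))
    return alerts


if __name__ == "__main__":
    for rule, summary in evaluate(SAMPLE_AUDIT_LOG):
        print(f"[{rule}] {summary}")
```

Filtering on the ResponseComplete stage matters in practice: the API server can emit RequestReceived and ResponseComplete records for the same request, and without the filter every rule fires twice.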
VPC Flow Logs for Kubernetes Engine
● Captures all flows in VPC
● Integration with a host of partners
● Optimize network usage and egress
● Network Forensics & Security Analysis
● Real-time Security Analysis
[Figure: VPC Flow Logs exported through Stackdriver Logging to BigQuery and Cloud Pub/Sub]
Kubernetes Load Balancing - Suboptimal
● Two levels of load balancing
● Inaccurate cloud-level health checks
● Multiple network hops
GKE Load balancing with Network Endpoint Group
● Containers are “just another endpoint”
● Accurate cloud-level health checks and load balancing
● No extra network hops; direct connection from load balancer to container
Multi-region clusters
[Figure: Google Global HTTP(S) Load Balancing fronting a kind: Ingress for myapp.com (120.1.1.1); Alice in California, Chao in Singapore and Bob in London each reach the nearest Google Edge and are directed to a Kubernetes Engine cluster in one of the regions US West, Asia East and Europe West]
GKE for Enterprises - Open & Mature
Containers at Google
Each week, Google launches more than four billion containers across its data centers around the world. These containers house the full range of applications Google runs, including user-facing applications such as Search, Gmail, and YouTube.
Kubernetes was directly inspired by Google’s cluster manager, internally known as Borg. Borg allows Google to direct hundreds of thousands of software tasks across vast clusters of machines numbering in the tens of thousands — supporting seven businesses with over one billion users each. Borg and Kubernetes are the culmination of Google’s experience deploying resilient applications at scale.
GA for 3 years
Kubernetes Engine (GKE) marquee customers
...and many more
Cloud services platform (Hybrid cloud solution)
GKE Extended into your Datacenter
[Figure: on the Google Cloud Platform side, Google Kubernetes Engine with the Serverless add-on for GKE, Istio add-on for GKE, Service Marketplace, and Stackdriver + Prometheus; in Your Datacenter, Google Kubernetes Engine On-Prem with the same Serverless add-on for GKE, Istio add-on for GKE, Service Marketplace, and Stackdriver + Prometheus. Spanning both: Single-pane-of-glass UI, Policy Syncing, Aggregated Logging, CI/CD, Service Discovery, Multi-cluster Ingress]
DEMO TIME!
Book review App
References
● Container Security - Blog series
● GKE NEXT18 sessions

Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
CI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumCI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and Tutum
 
Docker 1.9 Feature Overview
Docker 1.9 Feature OverviewDocker 1.9 Feature Overview
Docker 1.9 Feature Overview
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Top 3 reasons why you should run your Enterprise workloads on GKE

  • 8. Kubernetes Architecture
    (diagram) A Kubernetes cluster with one master node running the control plane and several worker nodes, each running Docker and the kubelet. Worker nodes are grouped into a node pool. Deployments manage Pods, and each Pod holds one or more containers. Service A and Service B front the pods for service calls. The cluster is operated with kubectl commands.
  • 9. Kubernetes control plane
    Kubernetes Master: API Server, etcd, Scheduler, Controller Manager
    Kubernetes Nodes: Kubelet, Container Runtime, Kube-Proxy, Container Network
  • 11. Google Kubernetes Engine (GKE) - GKE with Kubernetes
    (diagram) The same cluster layout as slide 8 (master node with control plane, worker nodes in a node pool, Deployments, Pods, containers, Service A and Service B), with the container runtime shown generically (e.g. Docker). The cluster itself is managed with gcloud commands; workloads are still driven with kubectl.
  • 12. GKE Value Add
    ● Master management, including master redundancy, upgrade, replication and backup
    ● Worker node lifecycle management
    ● IAM integration for security and authentication
    ● All the benefits of Google Compute Engine, including Networking and Storage
    ● Integration with other Google Cloud services such as load balancer, storage, big data and analytics
    ● Pod and cluster autoscaling
    ● Integrated logging and monitoring with Stackdriver
    ● 99.5% SLA
  • 15. Container Security pillars
    Software supply chain: Is my container image secure to build and deploy?
    Infrastructure security: Is my infrastructure secure for developing containers?
    Container runtime security: Is my container secure to run?
    Application security: Are my applications secure?
    Platform security: Is my (cloud provider's) infrastructure secure?
    Controls shown on the slide:
    ● IAM, RBAC, Pod access policy
    ● Shared VPC
    ● Private cluster
    ● Network control policy
    ● Image scanning
    ● Binary authorization
    ● Container OS / Node OS (COS)
    ● Cloud Security Command Center
    ● Partner tie-ups: Aquasec, Capsule8, Stackrox, Sysdig, Twistlock
  • 16. Why GKE security?
    1. Google Kubernetes Engine patches you to the latest version automatically. This keeps you up to date with security patches and with new features.
    2. Google Kubernetes Engine provides common best practices with security by default. There will always be app-level hardening and tuning to do.
    3. Google Kubernetes Engine provides the best of Google Cloud Platform security features, with integrations with IAM, Audit Logging, VPC, and more.
  • 17. Kubernetes Engine: Use RBAC and IAM [Infra sec]
    RBAC is enabled by default for GKE 1.8+ clusters.
    Use IAM to manage users and permissions at the project level, including API access, service accounts, and quotas.
    Use RBAC at the cluster and namespace level to set permissions.
  • 18. Kubernetes: RBAC Example [Infra sec]
    RBAC is enabled by default for Kubernetes 1.8+ clusters.
    e.g., give the 'blue team' user 'cluster admin' rights in the 'blue' namespace:

    $ cat blue-binding.yaml

```yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: blue-dev-binding
  namespace: blue          # the binding is scoped to this namespace only
subjects:
  - kind: User
    name: blue-team-dev@kube-pw.iam.gsa.com
roleRef:
  kind: ClusterRole        # the built-in 'admin' ClusterRole, granted via a
  name: admin              # namespaced RoleBinding, so rights stop at 'blue'
  apiGroup: rbac.authorization.k8s.io
```
  • 19. Kubernetes: PodSecurityPolicy [Infra sec]

```yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false                # Don't allow privileged pods!
  allowPrivilegeEscalation: false  # Don't allow privilege escalation
  runAsUser:                       # Require the container to run without root privileges
    rule: 'MustRunAsNonRoot'
  supplementalGroups:              # Forbid adding to the root group
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  # seLinux and fsGroup are required fields of the PodSecurityPolicy spec and
  # were not shown on the slide; RunAsAny leaves them unconstrained.
  seLinux:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
```
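    To make the slide's rules concrete, the following is an added example (not code from the slides or from Kubernetes) that applies the four constraints of the 'restricted' policy to a pod spec expressed as a plain Python dict. The pod specs and the mapping of each rule to a check are constructed for illustration; the real admission controller also mutates pods (for example, it sets runAsNonRoot: true when neither runAsUser nor runAsNonRoot is given) rather than only rejecting them.

```python
"""Apply the constraints of the 'restricted' PodSecurityPolicy to a pod spec.

Constructed example: the policy mirrors the slide, the pod specs are made up,
and the checks are a simplified model of the PodSecurityPolicy admission logic.
"""

RESTRICTED_PSP = {
    "privileged": False,
    "allowPrivilegeEscalation": False,
    "runAsUser": {"rule": "MustRunAsNonRoot"},
    "supplementalGroups": {"rule": "MustRunAs",
                           "ranges": [{"min": 1, "max": 65535}]},
}


def _in_ranges(gid, ranges):
    """True if gid falls inside at least one [min, max] range."""
    return any(r["min"] <= gid <= r["max"] for r in ranges)


def check_pod(pod_spec, psp=RESTRICTED_PSP):
    """Return a list of violations; an empty list means the pod would be admitted."""
    violations = []
    pod_sc = pod_spec.get("securityContext", {})

    for container in pod_spec.get("containers", []):
        name = container["name"]
        sc = container.get("securityContext", {})

        if not psp["privileged"] and sc.get("privileged"):
            violations.append(f"{name}: privileged containers are not allowed")

        if not psp["allowPrivilegeEscalation"] and sc.get("allowPrivilegeEscalation"):
            violations.append(f"{name}: privilege escalation is not allowed")

        # A container-level setting overrides the pod-level one.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if psp["runAsUser"]["rule"] == "MustRunAsNonRoot":
            if run_as_user == 0:
                violations.append(f"{name}: runAsUser 0 (root) is not allowed")
            elif run_as_non_root is False:
                violations.append(f"{name}: runAsNonRoot may not be false")
            # If both are unset, the real controller sets runAsNonRoot: true and
            # the kubelet refuses to start an image whose USER is root.

    groups = psp["supplementalGroups"]
    if groups["rule"] == "MustRunAs":
        # When the pod sets no supplementalGroups the controller defaults them
        # to the first range's minimum, so only explicit values are checked.
        for gid in pod_sc.get("supplementalGroups", []):
            if not _in_ranges(gid, groups["ranges"]):
                violations.append(f"supplementalGroup {gid} is outside the allowed ranges")

    return violations


# Constructed pod specs: one that follows the policy, one that breaks every rule.
GOOD_POD = {
    "securityContext": {"supplementalGroups": [1000]},
    "containers": [{"name": "web", "image": "example.invalid/web:1.0",
                    "securityContext": {"runAsUser": 1000,
                                        "allowPrivilegeEscalation": False}}],
}

BAD_POD = {
    "securityContext": {"supplementalGroups": [0]},   # gid 0 is the root group
    "containers": [{"name": "agent", "image": "example.invalid/agent:1.0",
                    "securityContext": {"privileged": True, "runAsUser": 0,
                                        "allowPrivilegeEscalation": True}}],
}

if __name__ == "__main__":
    for label, pod in (("GOOD_POD", GOOD_POD), ("BAD_POD", BAD_POD)):
        result = check_pod(pod)
        print(f"{label}: {'admitted' if not result else 'rejected'}")
        for v in result:
            print("  -", v)
```

    Running the block prints that GOOD_POD is admitted and that BAD_POD is rejected with four violations (privileged, privilege escalation, root user, and the root supplemental group).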
  • 20. Network control policy [Infra sec]

```yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: hello-allow-from-product
spec:
  policyTypes:
    - Ingress
  podSelector:               # pods this policy applies to
    matchLabels:
      app: reviews
  ingress:
    - from:                  # only these peers may reach the selected pods
        - podSelector:
            matchLabels:
              app: productpage
```

    (diagram) Services Product, Reviews, Details and Ratings; only Product is allowed to reach Reviews.
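    The following is an added example, not code from the slides or from any CNI plugin, that evaluates the ingress semantics of the policy above for the four services in the diagram. The pod labels, the second default-deny policy and the evaluation function are constructed; they model the rules a practitioner relies on: a pod that no policy selects accepts all traffic, a selected pod accepts only what some rule allows, and rules from several policies are unioned.

```python
"""Evaluate Kubernetes NetworkPolicy ingress rules for pod-to-pod traffic.

Constructed example: policies are plain dicts shaped like the YAML objects,
pods are represented by their labels, and everything is in one namespace.
"""

# The policy from the slide: only 'productpage' pods may reach 'reviews' pods.
REVIEWS_POLICY = {
    "metadata": {"name": "hello-allow-from-product"},
    "spec": {
        "policyTypes": ["Ingress"],
        "podSelector": {"matchLabels": {"app": "reviews"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "productpage"}}}]}],
    },
}

# Constructed companion policy: an empty podSelector selects every pod in the
# namespace and an empty ingress list allows nothing, i.e. default deny.
DEFAULT_DENY_POLICY = {
    "metadata": {"name": "default-deny-ingress"},
    "spec": {"policyTypes": ["Ingress"], "podSelector": {}, "ingress": []},
}

# Constructed pods, one per service in the diagram.
PODS = {
    "productpage": {"app": "productpage"},
    "reviews": {"app": "reviews"},
    "details": {"app": "details"},
    "ratings": {"app": "ratings"},
}


def selects(selector, labels):
    """matchLabels semantics: every selector key/value must be present on the pod.
    An empty selector matches every pod."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(src_labels, dst_labels, policies):
    """True if a connection from src to dst is permitted by the given policies."""
    applicable = [
        p for p in policies
        if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selects(p["spec"]["podSelector"], dst_labels)
    ]
    if not applicable:
        return True  # destination is not isolated: default allow

    # The destination is isolated; any matching rule in any policy opens it.
    for policy in applicable:
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from")
            if peers is None:
                return True  # a rule without 'from' admits all sources
            for peer in peers:
                if "podSelector" in peer and selects(peer["podSelector"], src_labels):
                    return True
    return False


def reachability(policies, pods=PODS):
    """Map every (src, dst) pair of distinct pods to whether ingress is allowed."""
    return {(s, d): ingress_allowed(pods[s], pods[d], policies)
            for s in pods for d in pods if s != d}


if __name__ == "__main__":
    for name, pols in (("slide policy only", [REVIEWS_POLICY]),
                       ("slide policy + default deny", [REVIEWS_POLICY, DEFAULT_DENY_POLICY])):
        print(name)
        for (s, d), ok in sorted(reachability(pols).items()):
            print(f"  {s:12} -> {d:12} {'allow' if ok else 'deny'}")
```

    With the slide's policy alone, only the reviews pod is isolated: productpage reaches it, details and ratings do not, and every other pair is still allowed. Adding the default-deny policy isolates all four pods, and the slide's rule is the only traffic that survives.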
  • 21. Private Clusters [Infra sec]
    (diagram) A Kubernetes Engine cluster whose nodes sit inside a trusted Virtual Private Cloud (VPC); the Kubernetes master is managed by Google Kubernetes Engine. Trusted on-prem hosts reach the cluster over VPN; the untrusted Internet has no path to the nodes.
  • 22. Shared VPC [Infra sec]
    ● Sharing of common resources
    ● More granular billing
    ● Isolation of data and support for multi-tenant workloads
    ● Security and separation of roles
  • 23. Shared VPC [Infra sec]
    (diagram) Within one Organization, a Host Project owns the Shared VPC network (subnet-1, subnet-2), administered by a Network admin. Separate service projects, Apps project (Apps team), DB project (DB team) and Infra project (Infra team), each run their own Kubernetes Engine clusters on the shared subnets with private IP connectivity between them.
  • 24. GKE: Minimal OS [Image sec]
    Container-Optimized OS (COS), based on Chromium OS and maintained by Google
    ● Built from source: Since COS is based on Chromium OS, Google maintains all components and is able to rebuild from source if a new vulnerability is discovered and needs to be patched
    ● Smaller attack surface: Container-Optimized OS is purpose-built to run containers and has a smaller footprint, reducing your instance's potential attack surface
    ● Locked down by default: The firewall restricts all TCP/UDP traffic except SSH on port 22 and prevents loading of kernel modules; the root file system is mounted read-only
    ● Automatic updates: COS instances automatically download weekly updates in the background; only a reboot is necessary to use the latest updates. Google provides patches and maintenance
    https://cloud.google.com/container-optimized-os/
  • 25. GCR: Vulnerability Scanning (Alpha) [Image sec]
    ● Scans all images in your private Google Container Registry for known Common Vulnerabilities and Exposures (CVEs)
    ● Examines images and packages
    ● Works for Debian, Ubuntu and Alpine images
    ● Images are scanned when:
      ○ an image is added to the registry
      ○ there is an update to the vulnerability database
    https://cloud.google.com/container-registry/docs/vulnerability-scanning
  • 26. GCR: Vulnerability Scanning (Alpha) [Image sec]
    To use it:
    ● Enable the Container Analysis API
    ● Enable Vulnerability Scanning
    https://cloud.google.com/container-registry/docs/vulnerability-scanning
  • 27. Binary authorization (Alpha) [Image sec]
    (diagram) Launch container → Requirements met? YES: the container launches; NO: Block launch.
    Requirements come from the Binary Authorization policy, e.g. "Must be built by myphotos.com".
    Attestations are stored in Grafeas: code signed by the Builder and by the Analysis tool.
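    The decision in the diagram, as an added example that is not code from the slides or from Binary Authorization: a policy names the attestors whose signed attestations an image digest must carry, and the admission check blocks the launch when any is missing or invalid. The attestor names, the image digest and the keys are constructed. Real attestations are PGP or PKIX signatures; an HMAC over the digest stands in for them here so the example runs with the standard library only, but the check has the same shape: the signature is verified against the attestor's key and must bind to the exact digest being launched.

```python
"""Model a Binary Authorization style admission decision.

Constructed example. ATTESTOR_KEYS, POLICY and the image digest are made up;
HMAC-SHA256 stands in for the PGP/PKIX signatures real attestations carry.
"""
import hashlib
import hmac
import secrets

# One secret per attestor; in the real system each attestor publishes a public key.
ATTESTOR_KEYS = {
    "builder": secrets.token_bytes(32),
    "analysis-tool": secrets.token_bytes(32),
}

# The policy from the diagram: both signers must have attested to the image.
POLICY = {"required_attestors": ["builder", "analysis-tool"]}


def sign_attestation(attestor, image_digest):
    """Produce an attestation: the attestor vouches for exactly this digest."""
    key = ATTESTOR_KEYS[attestor]
    sig = hmac.new(key, image_digest.encode(), hashlib.sha256).hexdigest()
    return {"attestor": attestor, "digest": image_digest, "sig": sig}


def verify_attestation(attestation):
    """Check the signature against the named attestor's key."""
    key = ATTESTOR_KEYS.get(attestation["attestor"])
    if key is None:
        return False  # unknown attestor: nothing to verify against
    expected = hmac.new(key, attestation["digest"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, attestation["sig"])


def admit(image_ref, attestations, policy=POLICY):
    """Return (allowed, reason) for a container launch request.

    The image must be referenced by digest: a tag can be re-pointed at
    different bytes, so an attestation over a tag would prove nothing.
    """
    if "@sha256:" not in image_ref:
        return False, "image is not referenced by digest"
    digest = image_ref.split("@", 1)[1]

    satisfied = {a["attestor"] for a in attestations
                 if a["digest"] == digest and verify_attestation(a)}
    missing = [r for r in policy["required_attestors"] if r not in satisfied]
    if missing:
        return False, "missing valid attestation from: " + ", ".join(missing)
    return True, "all required attestations present"


# Constructed image digest (hash of a made-up payload, not a real image).
IMAGE_DIGEST = "sha256:" + hashlib.sha256(b"constructed image contents").hexdigest()
IMAGE_REF = "gcr.io/example-project/frontend@" + IMAGE_DIGEST

if __name__ == "__main__":
    good = [sign_attestation("builder", IMAGE_DIGEST),
            sign_attestation("analysis-tool", IMAGE_DIGEST)]
    print(admit(IMAGE_REF, good))                          # launch
    print(admit(IMAGE_REF, good[:1]))                      # block: analysis-tool missing
    print(admit("gcr.io/example-project/frontend:latest", good))  # block: tag, not digest
```

    The last two calls show the two ways a launch is blocked: a required attestor has not signed this digest, or the request names a tag rather than a digest so no attestation can be matched to it.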
  • 28. Container security - Runtime security [Runtime sec]
    ● Sandboxing: Isolate a workload at the pod level using hypervisor-like technology
    ● Verification with vTPM: Bind information to a node and verify the integrity of a workload using TPMs
    ● Runtime detection agent: Monitor, detect, and react to common container attacks
  • 29. Runtime security partners in Cloud SCC [Runtime sec]
    Cloud Security Command Center: 5 partner integrations
  • 30. GKE for Enterprises - Observability
  • 31. Stackdriver - Rethinking monitoring with Kubernetes
    ● Microservices: Kubernetes makes it easy to break monolithic applications into independently scalable microservices. More pieces to monitor and operate.
    ● Abstracted infrastructure: Kubernetes offers a lot of flexibility, with many constructs that support and simplify building your app. Increased observability across your entire Kubernetes environment becomes necessary.
    ● Highly dynamic environment: Your environment scales and adapts as needed, changing as it reschedules and restarts components. Keep track of your applications, which may be constantly moving.
  • 32. Hybrid, multi-cluster Kubernetes monitoring
    Multi-cluster monitoring with support for Kubernetes Engine on GCP and Kubernetes on-prem in a single place
  • 33. GKE: Monitoring & logging
    Stackdriver logging
    ● Review, monitor and alert on audit logs centrally
    ● "jamie@myphotos.com deployed a new frontend version @ time T"
    Stackdriver monitoring
    ● Runtime metrics gathered and exported
    ● "Photo book creation latency in the last 10 minutes was 1.3s"
    (diagram) K8s application logs and audit logs, Stackdriver monitoring, Prometheus
  • 34. VPC Flow Logs for Kubernetes Engine
    ● Captures all flows in the VPC
    ● Integration with a host of partners
    ● Optimize network usage and egress
    ● Network forensics and security analysis
    ● Real-time security analysis
    (diagram) Flow logs exported to BigQuery, Cloud Pub/Sub and Stackdriver Logging
  • 35. Kubernetes Load Balancing - Suboptimal
    ● Two levels of load balancing
    ● Inaccurate cloud-level health checks
    ● Multiple network hops
  • 36. GKE Load balancing with Network Endpoint Group
    ● Containers are "just another endpoint"
    ● Accurate cloud-level health checks and load balancing
    ● No extra network hops; direct connection from load balancer to container
  • 37. Multi-region clusters
    (diagram) Alice in California, Chao in Singapore and Bob in London each reach myapp.com (120.1.1.1) through the nearest Google Edge. Google Global HTTP(S) Load Balancing, configured with kind: Ingress, routes them to Kubernetes Engine clusters in the US West, Asia East and Europe West regions.
  • 39. Containers at Google
    Each week, Google launches more than four billion containers across its data centers around the world. These containers house the full range of applications Google runs, including user-facing applications such as Search, Gmail, and YouTube. Kubernetes was directly inspired by Google's cluster manager, internally known as Borg. Borg allows Google to direct hundreds of thousands of software tasks across vast clusters of machines numbering in the tens of thousands — supporting seven businesses with over one billion users each. Borg and Kubernetes are the culmination of Google's experience deploying resilient applications at scale.
  • 40. GA for 3 years
  • 41. Kubernetes Engine (GKE) marquee customers
  • 44. GKE Extended into your Datacenter
    (diagram) Google Cloud Platform: Google Kubernetes Engine with the Serverless add-on for GKE, the Istio add-on for GKE, Service Marketplace, and Stackdriver + Prometheus. Your Datacenter: Google Kubernetes Engine On-Prem with the same Serverless add-on, Istio add-on, Service Marketplace, and Stackdriver + Prometheus. Shared across both: single-pane-of-glass UI, policy syncing, aggregated logging, CI/CD, service discovery, multi-cluster Ingress.
  • 47. References
    ● Container Security - Blog series
    ● GKE NEXT18 sessions