Google Kubernetes Engine - New features (managed Kubernetes)

Docker Turtle
1 min read · Apr 24, 2019


GKE: new features launched at Google Next 2019

  1. VPC native (Scalability)
  2. Shared VPC (Security)
  3. Private clusters (Security)
  4. Container native load balancing (Networking)
  5. Master Authorized networks (Security)
  6. Managed SSL/TLS certs (Security)
  7. Intranode Visibility (Visibility)
  8. VPC flow logs (Visibility)
  9. Cloud Armor (App and DDoS Security)

*******************************************************************

Digging into each feature:

  • Run the GKE Kubernetes cluster in “VPC native” networking mode, which uses fewer IP addresses for Kubernetes Pods and Services.
  • With “VPC native”, Google manages all CIDR allocation for Kubernetes Pods and Services.
  • With “VPC native”, we get scalability of Pod IPs and optimized IP allocation.
  • A GKE Kubernetes cluster can run in “Private cluster” mode, in which all Master and Worker nodes are assigned private IP addresses.
  • When a GKE Kubernetes cluster runs in “Private cluster” mode, the Master and Worker nodes cannot be accessed from the Internet or from an external IP. If you want to give secured access (a firewall whitelisting rule) to the Master nodes, enable the “Master Authorized Networks” setting.
  • GKE offers a new TLS “Managed certificates” service, which provisions and issues new TLS certs to the Google Ingress load balancer.
  • In a GKE cluster, use the “Container native load balancing” feature to make sure all requests from the Ingress load balancer are routed directly to each Pod. There are no network hops between the LB and the Pods, and latency improves.
  • In a GKE cluster, use the new feature “Intranode Visibility” (Beta) to get visibility of all Pod-to-Pod traffic on the same node. Also enable the “VPC Flow logs” feature along with “Intranode Visibility”.
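
A quick way to check whether a cluster actually has the settings above turned on is to audit its description (the JSON returned by `gcloud container clusters describe --format=json`). The script below is an added example, not code from the original post; the field names follow the GKE Cluster API resource, the sample cluster is constructed, and the private-endpoint check is an extra assumption beyond what the post lists.

```python
import ipaddress
import json

# Constructed sample shaped like the GKE Cluster resource; not a real cluster.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "demo-cluster",
  "ipAllocationPolicy": {"useIpAliases": true},
  "privateClusterConfig": {"enablePrivateNodes": true},
  "masterAuthorizedNetworksConfig": {
    "enabled": true,
    "cidrBlocks": [{"displayName": "office", "cidrBlock": "203.0.113.0/24"},
                   {"displayName": "temp", "cidrBlock": "0.0.0.0/0"}]
  },
  "networkConfig": {"enableIntraNodeVisibility": false}
}
""")


def audit_cluster(cluster):
    """Return a list of findings for the settings discussed in the post."""
    findings = []
    if not cluster.get("ipAllocationPolicy", {}).get("useIpAliases"):
        findings.append("VPC-native (alias IP) networking is not enabled")
    private = cluster.get("privateClusterConfig", {})
    if not private.get("enablePrivateNodes"):
        findings.append("nodes are not private (they get external IPs)")
    if not private.get("enablePrivateEndpoint"):
        findings.append("master public endpoint is enabled")
    man = cluster.get("masterAuthorizedNetworksConfig", {})
    if not man.get("enabled"):
        findings.append("Master Authorized Networks is disabled")
    for block in man.get("cidrBlocks", []):
        # A /0 entry defeats the allowlist: every source address matches it.
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        if net.prefixlen == 0:
            findings.append(f"authorized network {block['cidrBlock']} allows any address")
    if not cluster.get("networkConfig", {}).get("enableIntraNodeVisibility"):
        findings.append("Intranode Visibility is off")
    return findings


if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE_CLUSTER):
        print("FINDING:", finding)
```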
