Google Kubernetes Engine Upgrades: Regional Clusters, New Dashboard and Security Recommendations

| by Steef-Jan Wiggers Follow 7 Followers on Dec 22, 2017. Estimated reading time: 2 minutes |

Google has enhanced its Kubernetes Engine (GKE) service with a few upgrades. Customers can now use GKE at scale, manage clusters with a web-based dashboard Cloud Console besides the supported kubectl command line interface, and harden the security by applying Google’s best practices for running a Kubernetes cluster.

At the beginning of December, Google announced that the regional clusters in GKE are in beta and more scalable, which means customers can now create a Kubernetes cluster with multi-masters and a highly available control plane. The benefits of regional clusters are minimal downtime when upgrading masters and resilience of single zone failure. With the new Cloud Console for GKE customers can better manage clusters, troubleshoot, and perform any fixes. Moreover, Google provides several best practices regarding running a Kubernetes cluster. They recommend using the least privileged accounts for nodes, administrators to disable the Kubernetes Web UI (aka Kubernetes Dashboard) and legacy authorization in production environments.


With a Kubernetes regional cluster, the masters and nodes are spread across three zones, each by default having three nodes. The spread of master and nodes across zones ensures availability when one zone fails. Moreover, the availability and scalability can be further enhanced by increasing the number of nodes in each zone through the --num-nodes flag. More details about the regional cluster feature can be found in the documentation.


During the beta period of regional cluster feature of GKE, there will be no charges until GA. Finally, while setting up a cluster, Google recommends:

  • Creating service accounts in the IAM section of the Cloud Console with the principle of least privileged before associating them to the nodes. 
  • Disable the Kubernetes Web UI when the cluster is up and running as it is backed by a highly privileged account.
  • Disable the legacy authorization, that is the Attribute-Based Access Control (ABAC). In version 1.8 of Kubernetes, ABAC is disabled by default. 

The security recommendation full details of running a Kubernetes cluster in GKE can be found on the Google Cloud Platform blog

The three public cloud providers each now support Kubernetes through their services. Both Amazon and Microsoft have generic container orchestration tools available in their cloud platforms. However, both currently focus predominately on Kubernetes. Microsoft supports Kubernetes by a dedicated Azure Container Services for Kubernetes (AKS), which they rolled out last October and is in public preview. Amazon announced during their recent re:Invent that they would support Kubernetes through a new service named Amazon Elastic Container Service for Kubernetes (Amazon EKS), also in public preview. 

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you