
Introducing Shielded VMs in GKE: The Basics


Security has always been a common consideration for any business investing in new technology. After all, whether you're designing state-of-the-art apps, storing business workloads, or managing data, you can be sure that there are attackers out there, ready to snatch and steal your hard work. 

Recently, the Google Kubernetes security audit highlighted the security available for today's GKE nodes. However, Google isn't content to simply rely on the high marks that it got in its latest audit to put customers at ease. That's why the Google Cloud team also introduced Shielded GKE nodes in beta at the beginning of September, to help businesses increase the protection offered to their Kubernetes solutions. 

A compromised node in GKE could give attackers plenty of opportunities to gain access to valuable data or user code. Shielded GKE nodes aim to protect against a host of attacks by hardening the underlying node against bootkits and rootkits. Here's what you need to know about the Shielded solutions provided by Google.



What Do You Get with a Shielded GKE Node?


Ultimately, Shielded GKE nodes offer a host of useful features intended to improve Kubernetes security. For instance, OS provenance checks make sure that your node OS is running properly within a VM in a Google data center. There is also enhanced bootkit and rootkit protection, which Google provides by leveraging capabilities such as a virtual Trusted Platform Module (vTPM), Secure Boot, and UEFI firmware.

Google's Shielded GKE nodes also come with integrity monitoring and standards-based security that builds on the Trusted Computing Group (TCG) Trusted Platform Module. With Shielded nodes, Google's users get a standardized set of specifications for trusted computing that enhances and protects the bootstrapping process.

Already, major brands like Shopify rely heavily on shielded nodes from Google to keep their data and applications secure. Shopify uses around 50 GKE clusters in regions around the world. According to a blog from Google, Shielded nodes give Shopify's 10,000 Kubernetes services more security, while reducing overheads.

How Can You Use Shielded Nodes?


Shielded GKE nodes are just one of the latest strategies that Google is using to give today's enterprises and developers more peace of mind. The Shielded GKE nodes are built on top of the Google Compute Engine Shielded virtual machine, or 'VM.' This means that users are getting the protection against data exfiltration and the integrity that they need to defend their virtual machines. As with Shielded VMs, customers in the Google Kubernetes environment can use their Shielded GKE nodes without having to pay any extra for their service.

All you need to do to get started is to specify that you want to enable shielded nodes when you begin creating your new GKE cluster. You will need to update your cluster versions to access the new feature. However, you can specify your cluster version using the release channel or cluster version flags. Google even offers documentation for customers who need help moving their current VMs and GKE clusters into the latest version of GKE nodes. You can find Google's guidance for shielded GKE users here. 
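An added example, not from the original post or from Google: a Python check that reads the JSON produced by `gcloud container clusters list --format=json` and reports every cluster or node pool where Shielded Nodes, Secure Boot or integrity monitoring is off. The field names follow the GKE API; the sample data is constructed, and treating an absent key as "off" is an assumption.

```python
import json
import sys

# Constructed sample shaped like `gcloud container clusters list --format=json`
# output, trimmed to the fields this check reads. All names are made up.
SAMPLE = json.loads("""
[
  {"name": "prod-a",
   "shieldedNodes": {"enabled": true},
   "nodePools": [
     {"name": "default-pool",
      "config": {"shieldedInstanceConfig":
                 {"enableSecureBoot": true, "enableIntegrityMonitoring": true}}},
     {"name": "batch",
      "config": {"shieldedInstanceConfig": {"enableIntegrityMonitoring": true}}}
   ]},
  {"name": "legacy",
   "nodePools": [{"name": "default-pool", "config": {}}]}
]
""")


def audit_shielded_nodes(clusters):
    """Return sorted (cluster, node_pool, finding) tuples.

    node_pool is "" for a cluster-level finding. Assumption: a key that is
    absent from the JSON is treated as the feature being off.
    """
    findings = []
    for cluster in clusters:
        cname = cluster.get("name", "<unnamed>")
        if not cluster.get("shieldedNodes", {}).get("enabled", False):
            findings.append((cname, "", "shielded nodes disabled"))
        for pool in cluster.get("nodePools", []):
            pname = pool.get("name", "<unnamed>")
            sic = pool.get("config", {}).get("shieldedInstanceConfig", {})
            if not sic.get("enableSecureBoot", False):
                findings.append((cname, pname, "secure boot off"))
            if not sic.get("enableIntegrityMonitoring", False):
                findings.append((cname, pname, "integrity monitoring off"))
    return sorted(findings)


if __name__ == "__main__":
    # Pass a saved JSON file as the first argument, or run with no arguments
    # to audit the constructed sample above.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for cluster, pool, finding in audit_shielded_nodes(data):
        print(f"{cluster}/{pool or '-'}: {finding}")
```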

While GKE shielded nodes might not be the most exciting update for everyone in the Google Cloud environment, it is a valuable step forward in the compute engine for users who run production applications and need the highest level of protection available. In today's unpredictable computing environment, there's always a risk that someone could be out there trying to hack their way into your clusters and steal your valuable information. 

Shielded GKE nodes are how Google can offer today's users the benefits of Secure Boot, UEFI firmware, and vTPM in a pre-hardened space. The feature has been designed from scratch specifically for Kubernetes users so that everyone in the GKE environment can quickly and effectively improve their security posture.

Shielded GKE nodes from Google are now available in all regions worldwide, with options for both Container-Optimized OS and Ubuntu images. You can try out Shielded nodes in the GKE environment today for no extra charge on your existing services.