Self-Service Allowlisting of Privileged Apps on GKE Autopilot
1 254
11
Google Cloud Platform1.36 млн
Следующее
283 дня – 17 6392:13Популярные
22 дня – 6 7471:05:16
29 дней – 1 5714:01Опубликовано 15 июля 2025, 16:01
Learn more here → goo.gle/3HYLKGk
GKE allows a subset of approved partners to run privileged workloads in Autopilot clusters. These privileged workloads can bypass some of the security constraints that Autopilot enforces. For example, a partner might need to run a workload that uses specific Linux capabilities or requires a privileged container. Partners create and maintain allowlists for their privileged workloads. Each allowlist is a file that matches a specific privileged partner workload. Partners submit these allowlist files to GKE for approval. After approval, GKE hosts the allowlist file in a Google-managed repository. To run a partner workload, you install the corresponding allowlist file in your cluster. GKE provides a Kubernetes custom resource named the AllowlistSynchronizer that installs allowlists and keeps them up to date. After an allowlist installs successfully, you can deploy the corresponding privileged partner workload.
Subscribe to Google Cloud Tech → goo.gle/GoogleCloudTech
Speaker: Adin Ilfeld, Cristobal Sepulveda Cardenas
Products Mentioned: Google Kubernetes Engine
GKE allows a subset of approved partners to run privileged workloads in Autopilot clusters. These privileged workloads can bypass some of the security constraints that Autopilot enforces. For example, a partner might need to run a workload that uses specific Linux capabilities or requires a privileged container. Partners create and maintain allowlists for their privileged workloads. Each allowlist is a file that matches a specific privileged partner workload. Partners submit these allowlist files to GKE for approval. After approval, GKE hosts the allowlist file in a Google-managed repository. To run a partner workload, you install the corresponding allowlist file in your cluster. GKE provides a Kubernetes custom resource named the AllowlistSynchronizer that installs allowlists and keeps them up to date. After an allowlist installs successfully, you can deploy the corresponding privileged partner workload.
Subscribe to Google Cloud Tech → goo.gle/GoogleCloudTech
Speaker: Adin Ilfeld, Cristobal Sepulveda Cardenas
Products Mentioned: Google Kubernetes Engine
Свежие видео
7 дней – 1391:11
7 дней – 34 6800:23
12 дней – 7 45812:38
12 дней – 4941:05
13 дней – 41 3310:43
14 дней – 12 8553:02Случайные видео
1 день – 124 9733:34:25
282 дня – 38 49011:56
361 день – 5811:33
15.01.25 – 1 2411:00
20.10.24 – 14 35211:16
5 дней – 21 5240:09
7 дней – 2 6400:08
9 дней – 22 5690:16
11 дней – 1 15721:32
11 дней – 1 3341:05
17 дней – 120 33215:16
1 день – 8 0723:56:43
4 дня – 75 72910:16